Simple Membership <= 3.8.4 - Cross-Site Request Forgery (CSRF)



Description
A CSRF issue exists in the plugin's Bulk Operation menu tab.
Proof of Concept
https://youtu.be/HkTD8DhhwhM
https://gofile.io/?c=zWYnLM - CSRF html files

Affects Plugin

Simple Membership: fixed in version 3.8.5

References

CVE 2019-14328
PACKETSTORM 153801

Classification

Type CSRF
CWE CWE-352

Miscellaneous

Original Researcher rubyman
Submitter rubyman
Submitter Website https://www.linkedin.com/in/mehdi-esmaeilpour-a9b633141/
Submitter Twitter https://twitter.com/rrubymann
Verified No
WPVDB ID 9482

Timeline

Publicly Published 2019-07-27 (29 days ago)
Added 2019-07-27 (29 days ago)
Last Updated 2019-08-13 (12 days ago)
