WP Social Feed Gallery < 2.4.8 - CSRF & Missing Authorisation Checks



Description
The lack of CSRF and authorisation checks in some AJAX methods, such as qligg_dismiss_notice and qligg_form_item_delete, could allow an attacker to perform unauthorised actions when logged in as a low-privilege user, or via CSRF attacks.
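
An added example (not part of the advisory and not the plugin's code): a heuristic Python audit that lists `wp_ajax_*` handlers whose callbacks never call a nonce check or `current_user_can()`, the two omissions described above. The PHP sample is constructed; its callback names and bodies are hypothetical, and only the two `qligg_` action names come from the advisory.

```python
import re

# add_action('wp_ajax_<action>', 'func') or add_action('wp_ajax_<action>', array($obj, 'method'))
HOOK_RE = re.compile(
    r"""add_action\(\s*['"]wp_ajax_(\w+)['"]\s*,\s*"""
    r"""(?:(?:array\(|\[)\s*[^,]+,\s*)?['"](\w+)['"]""")
NONCE_RE = re.compile(r"\b(?:check_ajax_referer|check_admin_referer|wp_verify_nonce)\s*\(")
CAP_RE = re.compile(r"\bcurrent_user_can\s*\(")

def function_body(source, name):
    """Brace-balanced body of PHP function `name` ('' if absent); braces in strings are not skipped."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", source)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(source) and depth:
        depth += {"{": 1, "}": -1}.get(source[i], 0)
        i += 1
    return source[m.end():i - 1]

def audit_ajax_handlers(source):
    """Map each wp_ajax_* action to the checks its callback never calls."""
    findings = {}
    for action, callback in HOOK_RE.findall(source):
        body = function_body(source, callback)  # an unresolved callback is reported as missing both
        missing = [n for n, rx in (("nonce", NONCE_RE), ("capability", CAP_RE)) if not rx.search(body)]
        if missing:
            findings[action] = missing
    return findings

# Constructed sample: action names are from the advisory, callbacks and bodies are hypothetical.
SAMPLE_PHP = r"""
add_action('wp_ajax_qligg_dismiss_notice', 'example_dismiss_notice');
add_action('wp_ajax_qligg_form_item_delete', array($this, 'example_item_delete'));
add_action('wp_ajax_example_item_save', 'example_item_save');
function example_dismiss_notice() { update_user_meta(get_current_user_id(), 'example_notice', 1); wp_die(); }
function example_item_delete() {
    if (!current_user_can('manage_options')) { wp_die(-1); }
    delete_option('example_item_' . absint($_POST['item_id'])); wp_die();
}
function example_item_save() {
    check_ajax_referer('example_item_save', 'nonce');
    if (!current_user_can('manage_options')) { wp_send_json_error(null, 403); }
    update_option('example_item', absint($_POST['item'])); wp_send_json_success();
}
"""

if __name__ == "__main__":
    print(audit_ajax_handlers(SAMPLE_PHP))
```

The result is a triage list: a handler that calls both functions can still use them incorrectly, so flagged and unflagged callbacks alike need a manual read.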

Affects Plugin

fixed in version 2.4.8

References

CVE-2019-15779

Classification

Type MULTI

Miscellaneous

Views 1748
Verified No
WPVDB ID 9853

Timeline

Publicly Published 2019-08-12 (3 months ago)
Added 2019-08-29 (3 months ago)
Last Updated 2019-08-29 (3 months ago)
