WP Spell Check < 7.1.10 - Cross-Site Request Forgery (CSRF)



Description
The plugin was affected by a CSRF vulnerability, allowing attackers to force logged in users perform unwanted actions, which could lead to Cross-Site Scripting (XSS).

Affects Plugin

fixed in version 7.1.10

References

CVE 2019-6027
URL https://jvn.jp/en/jp/JVN26838191/index.html
URL https://plugins.trac.wordpress.org/changeset/2127548/wp-spell-check

Classification

Type CSRF
CWE CWE-352

Miscellaneous

Original Researcher Takuya Yamaguchi
Views 256064
Verified No
WPVDB ID 9956

Timeline

Publicly Published 2019-11-26 (4 months ago)
Added 2019-11-26 (4 months ago)
Last Updated 2020-03-05 (26 days ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin