WP Spell Check <= 7.1.9 - Cross-Site Request Forgery (CSRF)



Description
The plugin was affected by a CSRF vulnerability, allowing attackers to force logged in users perform unwanted actions, which could lead to Cross-Site Scripting (XSS).

Affects Plugin

fixed in version 7.1.10

References

CVE 2019-6027
URL https://jvn.jp/en/jp/JVN26838191/index.html
URL https://plugins.trac.wordpress.org/changeset/2127548/wp-spell-check

Classification

Type CSRF
CWE CWE-352

Miscellaneous

Original Researcher Takuya Yamaguchi
Views 54557
Verified No
WPVDB ID 9956

Timeline

Publicly Published 2019-11-26 (18 days ago)
Added 2019-11-26 (18 days ago)
Last Updated 2019-11-28 (16 days ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin