PT-2019-7386 · WordPress · Googmonify Plugin

Published: 2019-09-26 · Updated: 2019-09-26 · CVE-2015-9427

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: googmonify plugin versions through 0.5.1 for WordPress

Description: The issue concerns a CSRF with resultant XSS. It is exploitable via the wp-admin/options-general.php?page=googmonify.php endpoint, specifically through the PID or AID parameters.

Recommendations: For versions through 0.5.1, consider disabling access to the wp-admin/options-general.php?page=googmonify.php endpoint until a patch is available. Restrict the use of the PID and AID parameters in this endpoint to minimize the risk of exploitation.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2015-9427

Affected Products

Googmonify Plugin