CVE-2018-8814

Name of the Vulnerable Software and Affected Versions WolfCMS version 0.8.3.1

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack user authentication for requests that modify plugin settings by crafting a malicious request. This can be done by exploiting the plugin/[pluginname]/settings endpoint.

Recommendations For WolfCMS version 0.8.3.1, consider implementing proper CSRF protection mechanisms, such as token-based validation, to prevent unauthorized requests from modifying plugin settings. As a temporary workaround, restrict access to the plugin/[pluginname]/settings endpoint to minimize the risk of exploitation.