PT-2019-7386 · WordPress · Googmonify Plugin
Published: 2019-09-26 · Updated: 2019-09-26 · CVE-2015-9427
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
googmonify plugin versions through 0.5.1 for WordPress
Description
The issue concerns a CSRF with resultant XSS. It is exploitable via the wp-admin/options-general.php?page=googmonify.php endpoint, specifically through the PID or AID parameters.
Recommendations
For versions through 0.5.1, consider disabling access to the wp-admin/options-general.php?page=googmonify.php endpoint until a patch is available. Restrict the use of the PID and AID parameters in this endpoint to minimize the risk of exploitation.
Exploit
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
Googmonify Plugin