Video Playlist and Gallery Plugin wp-media-cincopa.php cross-site request forgery
CVE-2015-10109

4.3MEDIUM

Key Information:

Vendor
Wordpress
Status
Video Playlist And Gallery Plugin
Vendor
CVE Published:
1 June 2023

Summary

A vulnerability was found in Video Playlist and Gallery Plugin up to 1.136 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the file wp-media-cincopa.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.137 is able to address this issue. The name of the patch is ee28e91f4d5404905204c43b7b84a8ffecad932e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230264.

Affected Version(s)

Video Playlist and Gallery Plugin 1.136

References

https://vuldb.com/?id.230264
vdb-entrytechnical-description
https://vuldb.com/?ctiid.230264
signaturepermissions-required
https://github.com/wp-plugins/video-playlist-and-gallery-...
patch

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

VulDB GitHub Commit Analyzer
.