CSRF Vulnerability in Crony Cronjob Manager Plugin for WordPress
CVE-2017-14530
8 HIGH
Summary
The Crony Cronjob Manager plugin for WordPress contains a vulnerability that allows unauthorized commands to be executed due to its inadequate validation of the 'name' parameter in the 'action=manage&do=create' operation, making it susceptible to CSRF attacks. An attacker could exploit this flaw by crafting a malicious request to insert harmful scripts, potentially compromising the security of the WordPress site.
CVSS V3.1
Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved