Cross-Site Request Forgery in Twitter Cards Meta Plugin for WordPress
CVE-2017-18504

8.8HIGH

Key Information:

Vendor: Wordpress
Status: Twitter Cards Meta
Vendor: CVE Published:; 12 August 2019

What is CVE-2017-18504?

The Twitter Cards Meta plugin for WordPress, prior to version 2.5.0, is prone to a Cross-Site Request Forgery (CSRF) vulnerability. Attackers can exploit this weakness by tricking a user into initiating an unwanted action on behalf of that user. If successfully executed, this could lead to unauthorized changes in the user's account or actions carried out under their authority without their knowledge.

References

https://wordpress.org/plugins/twitter-cards-meta/#developers

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2019
Vulnerability Reserved
Aug 12, 2019

Wordpress

What is CVE-2017-18504?

References

CVSS V3.1

Timeline