CSRF Vulnerability in WHIZZ Plugin for WordPress
CVE-2017-8099
8.1HIGH
What is CVE-2017-8099?
The WHIZZ plugin for WordPress, prior to version 1.1.1, is susceptible to a cross-site request forgery (CSRF) vulnerability. This flaw allows an attacker to execute unauthorized actions on behalf of a user without their consent. Specifically, attackers can send malicious GET requests to delete any WordPress users or alter the plugin's operational status. This vulnerability poses a significant risk to WordPress installations leveraging this plugin, as it could enable unauthorized access and control over user accounts.