CSRF Vulnerability in CopySafe Web Protection Plugin for WordPress
CVE-2017-8100

6.5MEDIUM

Key Information:

Vendor

Wordpress
Status
Copysafe Web Protection
Vendor
CVE Published:
24 April 2017

What is CVE-2017-8100?

The CopySafe Web Protection plugin prior to version 2.6 contains a Cross-Site Request Forgery vulnerability that could allow malicious actors to alter plugin settings without proper authorization. This flaw could be exploited to compromise the integrity of the web protection features, potentially enabling unauthorized access to sensitive content. To ensure the security of your WordPress site, it is crucial to upgrade to the latest version of the plugin.

References

https://wordpress.org/plugins/wp-copysafe-web/#developers
x_refsource_MISC
http://seclists.org/fulldisclosure/2017/Apr/42
x_refsource_MISC
http://www.securityfocus.com/bid/98091
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.