Cross-Site Request Forgery Vulnerability in Acurax Social Media Widget by WordPress
CVE-2018-6357
8.8HIGH
What is CVE-2018-6357?
The Acurax Social Media Widget, specifically the acx_asmw_saveorder_callback function in its function.php file, is susceptible to Cross-Site Request Forgery (CSRF) attacks in versions prior to 3.2.6. This vulnerability allows an attacker to exploit the recordsArray parameter while making requests to wp-admin/admin-ajax.php, potentially leading to unauthorized actions. Consequently, this can be leveraged to execute an XSS attack, compromising user data and site integrity.