CSRF Vulnerability in WaspThemes Visual CSS Style Editor Plugin for WordPress
CVE-2019-11886

8.8HIGH

Key Information:

Vendor
Wordpress
Status
Visual Css Style Editor
Vendor
CVE Published:
13 May 2019

Summary

The WaspThemes Visual CSS Style Editor plugin for WordPress before version 7.2.1 is vulnerable to a Cross-Site Request Forgery (CSRF) attack. This vulnerability allows remote attackers to leverage the yp_option_update functionality to gain unauthorized administrative access. By exploiting this weakness, attackers can send unauthorized requests, thereby compromising the site's security and functionality. It's essential for users to update to the latest version to mitigate this risk and ensure the integrity of their WordPress sites.

References

https://wpvulndb.com/vulnerabilities/9256
x_refsource_MISC
https://wordpress.org/plugins/yellow-pencil-visual-theme-...
x_refsource_MISC
https://www.wordfence.com/blog/2019/04/zero-day-vulnerabi...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.