Cross-Site Request Forgery Vulnerability in ARPrice Lite Plugin for WordPress
CVE-2019-14679

6.5MEDIUM

Key Information:

Vendor: Wordpress
Status: Arprice Lite
Vendor: CVE Published:; 8 August 2019

Summary

The ARPrice Lite plugin for WordPress version 2.2 contains a Cross-Site Request Forgery (CSRF) vulnerability in the administration interface. This vulnerability allows an attacker to exploit the plugin's functionality, potentially enabling them to perform unauthorized actions on behalf of an authenticated user. By crafting a malicious request, attackers can manipulate the plugin, which could lead to further exploitation of the affected WordPress site.

References

https://www.pluginvulnerabilities.com/2019/07/11/cross-si...

x_refsource_MISC

https://wordpress.org/plugins/arprice-responsive-pricing-...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2019
Vulnerability Reserved
Aug 5, 2019