CSRF Vulnerability in Companion Sitemap Generator Plugin for WordPress
CVE-2019-15113

8.8HIGH

Key Information:

Vendor
Wordpress
Status
Companion Sitemap Generator
Vendor
CVE Published:
16 August 2019

Summary

The Companion Sitemap Generator plugin for WordPress, prior to version 3.7.0, is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability. This allows attackers to exploit the plugin by sending unauthorized requests to perform actions on behalf of signed-in users without their consent. Users running affected versions are advised to update immediately to avoid potential unauthorized actions and maintain platform security.

References

https://wordpress.org/plugins/companion-sitemap-generator...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.