Cross-Site Request Forgery in wpForo Plugin for WordPress
CVE-2019-19109

8.8HIGH

Key Information:

Vendor: Wordpress
Status: WPforo
Vendor: CVE Published:; 15 June 2020

Summary

The wpForo plugin version 1.6.5 for WordPress is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability, which could allow attackers to perform unauthorized actions on behalf of authenticated users. This can lead to potential exposure of sensitive information or unwanted changes within user groups if exploited. Site administrators are encouraged to ensure that proper CSRF protections are in place to safeguard against these types of attacks. For further details and updates, refer to the community discourse regarding the issue.

References

https://twitter.com/Sh0ckFR/status/1257298443527053313

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 15, 2020
Vulnerability Reserved
Nov 18, 2019