Cross-Site Request Forgery Vulnerability in WP Spell Check by WordPress
CVE-2019-6027

8.8HIGH

Key Information:

Vendor: WordPress
Status: WP Spell Check
Vendor: CVE Published:; 26 December 2019

Summary

A cross-site request forgery (CSRF) vulnerability exists in the WP Spell Check plugin. This flaw can be exploited by remote attackers to hijack the authentication of administrators. By leveraging unspecified vectors, an unauthorized user can potentially perform actions on behalf of an admin, compromising the site's security. It is crucial for users of WP Spell Check to ensure they update to the latest version to protect against such security risks.

Affected Version(s)

WP Spell Check 7.1.9 and earlier

References

https://wordpress.org/plugins/wp-spell-check/

x_refsource_MISC

http://jvn.jp/en/jp/JVN26838191/index.html

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 26, 2019
Vulnerability Reserved
Jan 10, 2019