Cross-Site Request Forgery Vulnerability in Easy Property Listings by WordPress
CVE-2020-5530

8.8HIGH

Key Information:

Vendor

WordPress
Status
Easy Property Listings
Vendor
CVE Published:
18 February 2020

What is CVE-2020-5530?

A cross-site request forgery (CSRF) vulnerability exists in Easy Property Listings prior to version 3.4, which allows remote attackers to exploit this weakness. By sending specially crafted requests, an attacker can hijack the authentication of administrators, potentially leading to unauthorized access and control over the plugin. This type of vulnerability emphasizes the need for stringent security measures to protect administrative functions from deceptive external requests.

Affected Version(s)

Easy Property Listings versions prior to 3.4

References

https://wordpress.org/plugins/easy-property-listings/#dev...
x_refsource_MISC
https://jvn.jp/en/jp/JVN89259622/index.html
x_refsource_MISC
https://wpvulndb.com/vulnerabilities/10075
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.