Cross-Site Request Forgery Vulnerability in Amministrazione Trasparente Plugin for WordPress
CVE-2021-4398
8.8HIGH
Summary
The Amministrazione Trasparente plugin for WordPress has a vulnerability that permits Cross-Site Request Forgery due to inadequate nonce validation in the at_save_aturl_meta() function. This weakness potentially allows malicious actors to manipulate site administrators into executing unintended actions, thus granting unauthorized alterations to meta data without proper authentication.
Affected Version(s)
Amministrazione Trasparente * <= 7.1
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Jerome Bruandet