Full Disclosure

CSRF/XSS vulnerability in Private Only could allow an attacker to do almost anything an admin user can (WordPress plugin)

August 28, 2015 007admin Leave a comment

Posted by dxw Security on Aug 27

Details
================
Software: Private Only
Version: 3.5.1
Homepage: http://wordpress.org/plugins/private-only/
Advisory report:
https://security.dxw.com/advisories/csrfxss-vulnerability-in-private-only-could-allow-an-attacker-to-do-almost-anything-an-admin-user-can/
CVE: CVE-2015-5483
CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N)

Description
================
CSRF/XSS vulnerability in Private Only could allow an attacker to do almost…

Leave a Reply Cancel reply

You must be logged in to post a comment.

Software and Security Information