copy-me vulnerable to CSRF allowing unauthenticated attacker to copy posts (WordPress plugin)

Posted by dxw Security on Dec 21

Details
================
Software: copy-me
Version: 1.0.0
Homepage: http://wordpress.org/plugins/copy-me/
Advisory report:
https://security.dxw.com/advisories/copy-me-vulnerable-to-csrf-allowing-unauthenticated-attacker-to-copy-posts/
CVE: Awaiting assignment
CVSS: 4.3 (Medium; AV:N/AC:M/Au:N/C:N/I:P/A:N)

Description
================
copy-me vulnerable to CSRF allowing unauthenticated attacker to copy posts

Vulnerability
================
This…

007 Software