Full Disclosure

CVE Request:Multiple CSRF in WordPress WHIZZ allow attackers to delete any wordpress users and change plugins status

April 7, 2017 007admin Leave a comment

Posted by Wester 95 on Apr 07

Hi team,

I would like to request one CVE id, thank you!

Details

======

Software: WordPress WHIZZ
Version: <1.1.1
Homepage: https://wordpress.org/plugins/whizz/

=======

Description
================
Get type CSRF in WordPress WHIZZ allows attackers to delete any wordpress users and change plugins status

POC:

========

include in the page ,then attack will occur:

delete user:

<img
src=”…

Leave a Reply Cancel reply

You must be logged in to post a comment.

Software and Security Information