What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in the realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin, versions <= 1.0.7.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Explanation of Vulnerability in Simple Terms
The WOLF WordPress plugin versions up to 1.0.7 contain a cross-site request forgery (CSRF) vulnerability. An attacker can craft a malicious webpage that, when visited by a logged-in site administrator, performs unwanted actions within the plugin without the administrator's knowledge or consent. The vulnerability requires the victim to visit the attacker's page while authenticated to WordPress.
What an attacker can do
Perform unwanted actions in the plugin on behalf of a logged-in administrator without their consent.
Potential impact on your site
An attacker could modify post bulk editing settings or perform bulk operations on your site's posts without your knowledge.
Conditions required to exploit
An administrator must be logged in to WordPress and visit a page controlled by the attacker.