What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in iiiryan WordPres 同步微博 wp2wb allows Stored XSS. This issue affects WordPres 同步微博: from n/a through <= 1.1.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
A cross-site request forgery (CSRF) vulnerability in the WordPress 同步微博 plugin allows an attacker to perform unauthorized actions on behalf of a logged-in site administrator. The attacker must trick an admin into visiting a malicious webpage while logged into WordPress. Successful exploitation can result in unauthorized changes to site settings or content.
What an attacker can do
Perform unauthorized actions on the site by tricking an admin into visiting a malicious webpage.
Potential impact on your site
An attacker can modify site settings or content if they trick an admin into clicking a malicious link.
Conditions required to exploit
Site admin must be logged into WordPress and visit an attacker-controlled webpage.