What the vulnerability does
01Description
Cross-Site Request Forgery (CSRF) vulnerability in hitoy Super Static Cache super-static-cache allows Cross Site Request Forgery.This issue affects Super Static Cache: from n/a through <= 3.3.5.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
What the vulnerability does
Cross-Site Request Forgery (CSRF) vulnerability in hitoy Super Static Cache super-static-cache allows Cross Site Request Forgery.This issue affects Super Static Cache: from n/a through <= 3.3.5.
Explanation of Vulnerability in Simple Terms
Super Static Cache versions 3.3.5 and earlier contain a cross-site request forgery (CSRF) vulnerability. An attacker can craft a malicious webpage that, when visited by a logged-in site administrator, performs unwanted actions on the cache plugin without the admin's knowledge or consent. The vulnerability requires the admin to visit the attacker's page but does not require the attacker to have any account on the target site.
What an attacker can do
Perform unwanted actions on the cache plugin by tricking a logged-in admin into visiting a malicious webpage.
Potential impact on your site
An attacker can modify cache settings or trigger cache operations without your permission if you visit a malicious link while logged in.
Conditions required to exploit
A logged-in site administrator must visit a webpage controlled by the attacker.
Key dates
External resources