What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in Themefy Bloggie allows Reflected XSS. This issue affects Bloggie: from n/a through 2.0.8.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
Bloggie versions up to 2.0.8 contain a cross-site request forgery (CSRF) vulnerability that allows an attacker to perform unauthorized actions on behalf of a logged-in user. The vulnerability requires user interaction—the victim must visit a malicious page while authenticated. Successful exploitation can result in unauthorized changes to site content or settings.
What an attacker can do
Perform unauthorized actions on the site on behalf of a logged-in user without their knowledge.
Potential impact on your site
An attacker can modify site content, settings, or user accounts if a logged-in admin or user visits a malicious link.
Conditions required to exploit
Victim must be logged in and visit an attacker-controlled page or link while authenticated.