What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in themeton Seven Stars allows Cross Site Request Forgery. This issue affects Seven Stars: from n/a through 1.4.4.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Explanation of Vulnerability in Simple Terms
Seven Stars versions up to 1.4.4 contain a cross-site request forgery (CSRF) vulnerability that allows attackers to perform unauthorized actions on behalf of site visitors. The vulnerability requires user interaction—typically clicking a malicious link or visiting a compromised page. An attacker cannot read data or disrupt service, but can modify site content or settings if a logged-in administrator visits their crafted page.
What an attacker can do
Perform unauthorized actions (like changing settings or content) on behalf of a logged-in user who visits a malicious page.
Potential impact on your site
Site settings, content, or user data could be altered without your knowledge if an admin visits a compromised page.
Conditions required to exploit
A logged-in site user must visit a page controlled by the attacker, or click a malicious link sent to them.