What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in AdminGeekZ Varnish WordPress varnish-wp allows Cross Site Request Forgery. This issue affects Varnish WordPress: from n/a through <= 1.7.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
The Varnish WordPress plugin through version 1.7 does not properly validate requests, allowing attackers to perform unwanted actions on behalf of site administrators. An attacker can craft a malicious link or page that, when visited by an admin, executes administrative functions without their knowledge. This affects site configuration and data integrity. Update to a version newer than 1.7.
What an attacker can do
Perform administrative actions on the site by tricking an admin into visiting a malicious page.
Potential impact on your site
Attackers can modify site settings, content, or user accounts if an admin is tricked into visiting a malicious page.
Conditions required to exploit
An administrator must visit a page or click a link controlled by the attacker.