What the vulnerability does
Cross-Site Request Forgery (CSRF) vulnerability in momen2009 Theme Changer theme-changer allows Cross-Site Request Forgery. This issue affects Theme Changer: from n/a through <= 1.4.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Explanation of Vulnerability in Simple Terms
Theme Changer versions 1.4 and earlier contain a cross-site request forgery (CSRF) vulnerability that allows an attacker to perform unauthorized actions on behalf of a logged-in user. The vulnerability requires the user to visit a malicious webpage while authenticated. An attacker can modify site settings or perform other administrative actions without the user's knowledge.
What an attacker can do
Perform unauthorized actions on the site by tricking a logged-in user into visiting a malicious webpage.
Potential impact on your site
Site settings or configuration could be changed without your consent if an admin visits a malicious link.
Conditions required to exploit
User must be logged in and visit an attacker-controlled webpage while authenticated.