What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in mg12 WP-EasyArchives wp-easyarchives allows Stored XSS. This issue affects WP-EasyArchives: from n/a through <= 3.1.2.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
WP-EasyArchives versions 3.1.2 and earlier contain a cross-site request forgery (CSRF) vulnerability. An attacker can craft a malicious webpage that, when visited by a logged-in site administrator, performs unwanted actions on the site without the admin's knowledge or consent. As the description states, the forged request can result in Stored XSS. The vulnerability affects all versions from 0 to 3.1.2.
What an attacker can do
Trick a logged-in admin into performing unwanted actions on the site via a malicious webpage.
Potential impact on your site
Attackers can modify site settings or content if they trick admins into visiting malicious pages.
Conditions required to exploit
An admin must visit the attacker's webpage while logged into WordPress.