What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in iThemes ServerBuddy by PluginBuddy.Com allows Object Injection. This issue affects ServerBuddy by PluginBuddy.Com: from n/a through 1.0.5.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Explanation of Vulnerability in Simple Terms
ServerBuddy by PluginBuddy.com versions up to 1.0.5 contain a cross-site request forgery (CSRF) vulnerability. An authenticated attacker can perform unauthorized actions on behalf of a logged-in administrator without their knowledge or consent. The vulnerability requires the attacker to trick an admin into visiting a malicious page while logged in. No patch version is currently available.
What an attacker can do
Perform unauthorized administrative actions on the site without the admin's knowledge.
Potential impact on your site
An attacker with user access can trick admins into making unwanted configuration or data changes.
Conditions required to exploit
The attacker needs a valid user account; the victim admin must visit an attacker-controlled page while logged in.