What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Animator scroll-triggered-animations allows Cross Site Request Forgery. This issue affects Animator: from n/a through <= 3.0.16.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Explanation of Vulnerability in Simple Terms
Toast Plugins Animator versions 3.0.16 and earlier contain a cross-site request forgery (CSRF) vulnerability. An attacker can craft a malicious webpage that, when visited by a logged-in site administrator, performs unwanted actions within the plugin without the administrator's knowledge or consent. The vulnerability requires user interaction—the admin must visit the attacker's page while authenticated.
What an attacker can do
Perform unwanted actions in the Animator plugin on behalf of a logged-in administrator.
Potential impact on your site
An attacker can trick your administrators into unknowingly changing plugin settings or data via a malicious link or webpage.
Conditions required to exploit
Administrator must visit an attacker-controlled webpage while logged into the site.
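The missing control in this class of bug is a per-user, per-action nonce checked on the server before any state change. The following is an added example, not the Animator plugin's code: it sketches a settings handler with the capability and nonce checks in place, and the function names, action name, nonce field, option key and page slug are all hypothetical.

```php
<?php
// Added example: hypothetical WordPress settings handler, not Animator's code.
// example_anim_* names, the option key and the page slug are assumptions.

// Render the settings form with a nonce bound to the current user and action.
function example_anim_render_form() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_anim_save">
        <?php wp_nonce_field( 'example_anim_save', 'example_anim_nonce' ); ?>
        <input type="text" name="example_anim_selector"
               value="<?php echo esc_attr( get_option( 'example_anim_selector', '' ) ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// Handle the POST. A handler that went straight to update_option() would
// accept a request forged from another origin, because the browser attaches
// the administrator's session cookie to it automatically.
function example_anim_save() {
    // 1. Capability check: is this user allowed to change the setting at all.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }

    // 2. Nonce check: did the request come from the form rendered above.
    //    check_admin_referer() stops the request when the nonce is missing
    //    or invalid, so nothing below runs for a forged submission.
    check_admin_referer( 'example_anim_save', 'example_anim_nonce' );

    // 3. Only now read, sanitize and store the submitted value.
    $selector = isset( $_POST['example_anim_selector'] )
        ? sanitize_text_field( wp_unslash( $_POST['example_anim_selector'] ) )
        : '';
    update_option( 'example_anim_selector', $selector );

    wp_safe_redirect( admin_url( 'options-general.php?page=example-anim' ) );
    exit;
}
add_action( 'admin_post_example_anim_save', 'example_anim_save' );
```

The capability check alone does not stop CSRF, since the forged request runs with the administrator's own session; the nonce is what ties the request to a form the site itself issued.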