CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
What the vulnerability does
Cross-Site Request Forgery (CSRF) vulnerability in Md Taufiqur Rahman RIS Version Switcher – Downgrade or Upgrade WP Versions Easily ris-version-switcher allows Cross Site Request Forgery.This issue affects RIS Version Switcher – Downgrade or Upgrade WP Versions Easily: from n/a through <= 1.0.
Explanation of Vulnerability in Simple Terms
The RIS Version Switcher WordPress plugin version 1.0 and earlier is vulnerable to cross-site request forgery (CSRF). An attacker can craft a malicious webpage that, when visited by a logged-in site administrator, performs unwanted actions on the site without the admin's knowledge or consent. This could allow the attacker to modify WordPress settings or trigger unintended plugin operations.
What an attacker can do
Trick a logged-in admin into performing unwanted actions on the site via a malicious webpage.
Potential impact on your site
An attacker can modify site settings or plugin behavior if they trick your admin into visiting a malicious link while logged in.
Conditions required to exploit
Admin must visit a malicious webpage while logged into WordPress. No special privileges or authentication by the attacker required.
Key dates
External resources
Related vulnerabilities
