What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in Eugen Bobrowski Robots.txt rewrite (robotstxt-rewrite) allows Cross-Site Request Forgery. This issue affects Robots.txt rewrite: from n/a through <= 1.6.1.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Explanation of Vulnerability in Simple Terms
The Robots.txt rewrite plugin through version 1.6.1 is vulnerable to cross-site request forgery (CSRF). An attacker can trick a logged-in site administrator into performing unintended actions by getting them to visit a malicious webpage. The vulnerability allows modification of the robots.txt file without proper request verification.
What an attacker can do
Trick an admin into modifying the site's robots.txt file via a malicious webpage.
Potential impact on your site
Attackers can alter your robots.txt file, potentially hiding or exposing pages to search engines without your knowledge.
Conditions required to exploit
An admin must be logged in and visit an attacker-controlled page; the attacker needs no special privileges.