What the vulnerability does
Description
Unauthenticated Cross-Site Request Forgery (CSRF) in pCloud WP Backup versions <= 2.0.2.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Explanation of Vulnerability in Simple Terms
pCloud WP Backup versions up to 2.0.2 are vulnerable to cross-site request forgery (CSRF) attacks. An attacker can craft a malicious webpage that, when visited by a logged-in site administrator, performs unwanted backup or configuration actions without the admin's knowledge or consent. The vulnerability requires the victim to visit the attacker's page while authenticated to the WordPress site.
What an attacker can do
Perform backup or configuration changes on behalf of a logged-in administrator without their consent.
Potential impact on your site
Attackers can modify backup settings, trigger unwanted backups, or alter plugin configuration through a victim admin's browser session.
Conditions required to exploit
Administrator must be logged into WordPress and visit an attacker-controlled webpage.