What the vulnerability does
Description
Unauthenticated Cross-Site Request Forgery (CSRF) in SEOWP versions <= 3.12.2.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
SEOWP versions up to 3.12.2 contain a cross-site request forgery (CSRF) vulnerability that allows an attacker to perform unauthorized actions on behalf of a logged-in user. The vulnerability requires the user to visit a malicious page while authenticated. An attacker can modify site settings, create content, or change configurations without the user's knowledge.
What an attacker can do
Perform unauthorized actions on the site (change settings, create content) on behalf of a logged-in user.
Potential impact on your site
Site settings, content, or user accounts could be modified by attackers without your knowledge or consent.
Conditions required to exploit
A logged-in site user must visit an attacker-controlled page or click a malicious link.