ThreatPress

WordPress Vulnerabilities Database

WordPress Add From Server Plugin 3.3.1 - CSRF

Product
Add From Server
Description
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the WordPress Add From Server plugin 3.3.2. The function handle_imports() in add-from-server/class.add-from-server.php is not protected with an anti-CSRF token, so remote attackers can add illegal content to the victim's server.
Solution
Update the Add From Server plugin to version 3.3.2.
Classification
Type Cross Site Request Forgery (CSRF)
OWASP Top 10 A8: Cross Site Request Forgery (CSRF)
References
Exploit DB
SumOfPwn
CVE
Name CVE-N/A
Versions
Affected In <= 3.3.1
Fixed In 3.3.2
Disclosure date
2016-07-18
Credits
Edwin Molenaar