ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Metronet Tag Manager plugin <=1.2.7 - Cross-Site Request Forgery (CSRF) vulnerability

Product
Metronet Tag Manager
Description
Cross-Site Request Forgery (CSRF) vulnerability found by Tom Adams (dxw) in WordPress Metronet Tag Manager plugin (versions <=1.2.7).
Solution
Update the WordPress Metronet Tag Manager plugin to the latest available version (at least 1.2.9).
Classification
Type Cross Site Request Forgery (CSRF)
OWASP Top 10 A8: Cross Site Request Forgery (CSRF)
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <=1.2.7
Fixed In 1.2.9
Disclosure date
2018-05-17
Credits
Tom Adams
Submitter
ThreatPress