ThreatPress

WordPress Vulnerabilities Database

Back

WordPress More Fields Plugin 2.1 - CSRF

Product
More Fields
Description
This vulnerability is disabled for all functions (add box and delete box options). Because of that, an attacker can add or delete extra fields in additional boxes on the edit page in the Admin.
Solution
Upgrade the plugin.
Classification
Type Cross Site Request Forgery (CSRF)
OWASP Top 10 A8: Cross Site Request Forgery (CSRF)
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 2.1
Fixed In 2.2
Disclosure date
2016-02-29
Credits
Aatif Shahdad