ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Portfolio Plugin <= 1.04 - CSRF

Product
Portfolio
Description
This vulnerability allows an attacker to hijack the authentication of administrators for requests that have unspecified impact via a request to the instagram-portfolio page which is in the wp-admin/options-general.php.
Solution
Update the plugin.
Classification
Type Cross Site Request Forgery (CSRF)
OWASP Top 10 A8: Cross Site Request Forgery (CSRF)
References
CVE Mitre
CVE
Name CVE-2015-6523
Versions
Affected In <= 1.04
Fixed In 1.05
Disclosure date
2015-08-19