ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Users to CSV Plugin <= 1.4.5 - Cross Site Request Forgery (CSRF)

Product
Users to CSV
Description
Because of this vulnerabiliy, user information can be exported via a GET request to users.php.
Solution
Disable the plugin.
Classification
Type Cross Site Request Forgery (CSRF)
OWASP Top 10 A8: Cross Site Request Forgery (CSRF)
References
SecLists
Packet Storm Security
CVE
Name CVE-N/A
Versions
Affected In <= 1.4.5
Fixed In 1.4.6
Disclosure date
2015-06-15
Submitter
ThreatPress