ThreatPress

WordPress Vulnerabilities Database

WordPress ImageInject plugin 1.15 - Cross-Site Request Forgery vulnerability

Product
ImageInject
Description
A Cross-Site Request Forgery vulnerability was found by wpl0v3r in the WordPress ImageInject plugin (version 1.15). The plugin is vulnerable via wp-admin/options-general.php.
Solution
1/9/2018 - We were unable to find a patched version of the plugin. It is dangerous to use.
Classification
Type: Cross Site Request Forgery (CSRF)
OWASP Top 10: A8: Cross Site Request Forgery (CSRF)
References
Plugin changelog
CVE
Name: CVE-2018-5285
Versions
Affected in: 1.15
Disclosure date
2018-01-09
Credits
wpl0v3r
Submitter
ThreatPress