CSRF attack vulnerability

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Dan

    (@dangoodman)

    The issue was fixed in 5.5.0 about two months ago.

    I have a hosting with WP Engine, and according to their plugin vulnerability scan, this issue is still present in version 5.5.4 of your plugin.

    Security risk:?csrf.?This vulnerability allows an attacker to target privileged authenticated users with malicious links that make authenticated requests to WordPress on behalf of the user. An attacker could use this vulnerability to modify site configuration, including adding backdoors such as other WordPress administrators.
    Severity:?medium
    Fixed in:?no fix yet

    Plugin Author Dan

    (@dangoodman)

    @zjagust, you can drop them a line so they update their database.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘CSRF attack vulnerability’ is closed to new replies.