WordPress Plugin Vulnerabilities

WP Server Health Stats < 1.7.4 - Cross-Site Request Forgery

Description

The WP Server Health Stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.3. This is due to missing or incorrect nonce validation on the wpss_cache_purge_callback() function. This makes it possible for unauthenticated attackers to trigger the purge callback via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Affects Plugins

Fixed in 1.7.4

References

Classification

Miscellaneous

Original Researcher
Dhabaleshwar Das
Verified
No

Timeline

Publicly Published
2024-04-05 (about 2 years ago)
Added
2024-04-11 (about 2 years ago)
Last Updated
2024-04-11 (about 2 years ago)

Other