WordPress Plugin Vulnerabilities
Xserver Migrator < 1.6.2.1 - Arbitrary File Upload via CSRF
Description
The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to upload arbitrary files granted they can trick a site administrator into performing an action such as clicking on a link.
Affects Plugins
References
Classification
Type
CSRF
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Dimas Maulana
Verified
No
WPVDB ID
Timeline
Publicly Published
2024-04-29 (about 2 years ago)
Added
2024-05-07 (about 2 years ago)
Last Updated
2024-05-28 (about 2 years ago)