Beta

Report

LiveSync <= 1.0 is vulnerable to Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

Unauthenticated
Published
2022-05-15

The LiveSync for WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

CVE

https://www.cve.org/CVERecord?id=CVE-2022-1712

CVSS

Score:5.4

Severity:Medium

Version: 1.0

The plugin vendor has not patched this vulnerability at the moment.