WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Private Files plugin version 0.40 and earlier versions are vulnerable to cross-site request forgery, which stems from a lack of CSRF checks. An attacker could use this vulnerability to enable a logged-in administrator to perform such an action and make the blog public via a CSRF attack.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress private files plugin | lt | 0.40 |