The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. The original researcher didn’t provide enough information on which actions could be performed.
CPE | Name | Operator | Version |
---|---|---|---|
podlove-podcasting-plugin-for-wordpress | lt | 3.8.4 |