CVE-2019-14683 Information
Feb 14, 2021
cve
Description
The codection \Import users from CSV with meta\ plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Reference
https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2112013 https://wordpress.org/plugins/import-users-from-csv-with-meta/developers https://wpvulndb.com/vulnerabilities/9392 https://www.pluginvulnerabilities.com/2019/06/21/cross-site-request-forgery-csrf-media-deletion-vulnerability-in-import-users-from-csv-with-meta/
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
NONE
Base Severity
5.7
Share on: