There is CSRF in the WHIZZ plugin prior to 1.1.1 for WordPress, allowing malicious users to delete any WordPress users and change the plugin's status via a GET request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
browserweb inc whizz |