The Private Files WordPress plugin, up to and including 0.40, is missing a CSRF check when disabling the protection, which could allow malicious users to make a logged-in admin perform that action via a CSRF attack and make the blog public.
Vulnerable Product |
---|
private files project private files 0.40 |