The Ever Compare WordPress plugin up to and including 1.2.3 does not have CSRF check when activating plugins, which could allow malicious users to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
hasthemes ever compare |