Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for unauthenticated malicious users to install plugins from the limited list via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
inisev redirection |
||
themecheck ultimate posts widget |
||
inisev ssl mixed content fix |
||
ultimatelysocial social media share buttons \\& social sharing icons |
||
inisev rss redirect \\& feedburner alternative |
||
mypopups pop-up |
||
themecheck enhanced text widget |
||
copy-delete-posts duplicate post |
||
backupbliss clone |
||
backupbliss backup migration |