Support Board < 3.3.6 - Arbitrary File Deletion via CSRF

The Support Board WordPress plugin before 3.3.6 does not have any CSRF checks in actions handled by the include/ajax.php file, which could allow attackers to make logged in users do unwanted actions. For example, make an admin delete arbitrary files

N/A

跨站请求伪造(CSRF)

WordPress plugin Support Board 跨站请求伪造漏洞

WordPress是Wordpress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是WordPress开源的一个应用插件。 WordPress plugin Support Board 存在跨站请求伪造漏洞，该漏洞源于3.3.6之前的Support Board WordPress插件没有任何由包含ajax.php文件处理的CSRF检查操作。攻击者可利用该漏洞让登录的用户做不想要的操作。

N/A

N/A