漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
WordPress Subscribe To Comments Reloaded plugin <= 211130 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Vulnerability Description
Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin <= 211130 on WordPress allows attackers to clean up Log archive, download system info file, plugin system settings, plugin options settings, generate a new key, reset all options, change notifications settings, management page settings, comment form settings, manage subscriptions > mass update settings, manage subscriptions > add a new subscription, update subscription, delete Subscription.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
WordPress plugin Subscribe To Comments Reloaded 跨站请求伪造漏洞
Vulnerability Description
WordPress plugin是WordPress开源的一个应用插件。 WordPress plugin Subscribe To Comments Reloaded 211130版本及之前版本存在跨站请求伪造漏洞。攻击者利用该漏洞可以清理日志档案、下载系统信息文件、插件系统设置、插件选项设置、生成新密钥、重置所有选项、更改通知设置、管理页面设置、评论表单设置、管理订阅—>批量更新设置、管理订阅—>添加新订阅,更新订阅,删除订阅。
CVSS Information
N/A
Vulnerability Type
N/A