The WP Docs plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to 1.9.8. This means that malicious actors can trick an administrator on the website into clicking on a link which could be used to create, rename, and delete folders. This is possible because the plugin does not have the necessary security validation to prevent this kind of attack.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
