A vulnerability advisory was published for the Inspiro WordPress theme by WPZoom. The vulnerability arises from a missing or incorrect security validation that allows an unauthenticated attacker to launch a Cross-Site Request Forgery (CSRF) attack.
Cross-Site Request Forgery (CSRF)
A CSRF vulnerability in the context of a WordPress site is an attack that depends on a user with admin privileges clicking a link, which in turn leverages that user’s credentials to execute a malicious action. The vulnerability has been assigned a CVSS risk score of 8.1.
The advisory issued by WordPress security firm Wordfence warned:
“This makes it possible for unauthenticated attackers to install plugins from the repository via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.”
The vulnerability affects Inspiro theme versions up to and including 2.1.2. Users are advised to update their theme to the latest version.
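WordPress's standard anti-CSRF validation is a nonce check paired with a capability check. The sketch below is an added example, not code from the Inspiro theme, WPZoom or the advisory: a hypothetical theme AJAX handler that installs a plugin only after both checks pass. The example_* names, the nonce field name and the allow-listed slug are assumptions.

```php
<?php
// Added illustration: hypothetical theme code, not Inspiro's source or its patch.
// Every example_* name, the 'nonce' field and the slug below are assumptions.

// Print a per-user, per-action nonce into the admin page that hosts the button.
add_action( 'admin_footer', 'example_print_install_nonce' );
function example_print_install_nonce() {
    if ( current_user_can( 'install_plugins' ) ) {
        printf(
            '<script>var exampleInstallNonce = %s;</script>',
            wp_json_encode( wp_create_nonce( 'example_install_plugin' ) )
        );
    }
}

// Only the logged-in hook (wp_ajax_) is registered; there is no wp_ajax_nopriv_ variant.
add_action( 'wp_ajax_example_install_plugin', 'example_install_plugin' );
function example_install_plugin() {
    // 1. CSRF check: a link on a third-party page cannot supply the admin's nonce.
    if ( ! check_ajax_referer( 'example_install_plugin', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or missing nonce.' ), 403 );
    }
    // 2. Authorization: a valid nonce proves intent, not privilege.
    if ( ! current_user_can( 'install_plugins' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }
    // 3. Allow-list: the theme only ever needs its own companion plugins.
    $allowed = array( 'example-companion-plugin' );
    $slug    = isset( $_POST['slug'] ) ? sanitize_key( wp_unslash( $_POST['slug'] ) ) : '';
    if ( ! in_array( $slug, $allowed, true ) ) {
        wp_send_json_error( array( 'message' => 'Plugin not allowed.' ), 400 );
    }
    require_once ABSPATH . 'wp-admin/includes/plugin-install.php';
    require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
    $api = plugins_api( 'plugin_information', array( 'slug' => $slug ) );
    if ( is_wp_error( $api ) ) {
        wp_send_json_error( array( 'message' => $api->get_error_message() ), 502 );
    }
    $upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
    $result   = $upgrader->install( $api->download_link );
    if ( true !== $result ) {
        wp_send_json_error( array( 'message' => 'Installation failed.' ), 500 );
    }
    wp_send_json_success( array( 'installed' => $slug ) );
}
```

The admin page's JavaScript must send exampleInstallNonce as the nonce POST field; a request that arrives without it is rejected before any installation logic runs.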