Vulnerability
-
What can you say to the following recent problem; I did install and reinstall the most recent version of both BackUpBliss (pro) and Really Simple Security Pro; the same problem exist on the several sites.
Updated: 2026-04-08
Published: 2023-07-28
Updated: 2026-04-08
Title: Inisev Plugins (Various Versions) – Cross-Site Request Forgery on handle_installation functionDescription
Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for unauthenticated attackers to install plugins from the limited list via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.CWE 1 Total
The page I need help with: [log in to see the link]
You must be logged in to reply to this topic.
