Tooltipy (tooltips for WP) version 5 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page that can result in could allow anybody to duplicate posts. This attack appear to be exploitable via Admin must follow a link. This vulnerability appears to have been fixed in 5.1.
References
| Link | Resource |
|---|---|
| https://advisories.dxw.com/advisories/csrf-in-tooltipy/ | Exploit Third Party Advisory |
| https://advisories.dxw.com/advisories/csrf-in-tooltipy/ | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 03:40
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://advisories.dxw.com/advisories/csrf-in-tooltipy/ - Exploit, Third Party Advisory |
Information
Published : 2018-06-26 16:29
Updated : 2024-11-21 03:40
NVD link : CVE-2018-1000505
Mitre link : CVE-2018-1000505
CVE.ORG link : CVE-2018-1000505
JSON object : View
Products Affected
tooltipy
- tooltipy
CWE
CWE-352
Cross-Site Request Forgery (CSRF)