Description
WordPress Plugin All in One Webmaster is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin All in One Webmaster version 8.2.3 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 8.2.4 or latest
References
Related Vulnerabilities
MySQL CVE-2021-2479 Vulnerability (CVE-2021-2479)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-1862)
WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-5731)
WordPress Plugin ReFlex Gallery 'php.php' Arbitrary File Upload (1.4.6)
WordPress Plugin Login Security Solution Multiple Unspecified Vulnerabilities (0.50.0)