Description
WordPress Plugin BeCustom is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin BeCustom version 1.0.5.2 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.0.5.3 or latest
References
Related Vulnerabilities
WordPress Plugin WP Attachment Export Arbitrary File Download (0.2.3)
OpenVPN AS Improper Authentication Vulnerability (CVE-2020-8953)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2947)
WordPress Plugin Re-attacher by BestWebSoft Cross-Site Scripting (1.0.8)