Cross-site request forgery (CSRF) in Eu Cookie Notice plugin <= 1.0.6

This plugin is vulnerable to a Cross-site request forgery (CSRF) vulnerability. Admin user can be tricked to visit a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings.

Proof Of Concept:

Leave a Reply

Your email address will not be published. Required fields are marked *