Cross-site request forgery (CSRF) vulnerability in manager/news.php in Plume CMS 1.2.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that create News. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
CSRF
PHP
Plume Cms
NVD
Exploit-DB
CVSS 2.0
6.8
EPSS
0.2%