Crawlwp Seo
Monthly
Cross-Site Request Forgery in the CrawlWP SEO WordPress plugin (versions through 3.0.16) allows an unauthenticated attacker to perform unauthorized state-changing actions on behalf of an authenticated site administrator. Exploitation requires social engineering - a logged-in admin must be tricked into visiting a malicious page that silently submits a forged request. The integrity impact is low, limited to unauthorized configuration changes within the plugin's functionality. No public exploit code or active exploitation has been identified at time of analysis, consistent with the vulnerability's low CVSS base score of 4.3.
Cross-Site Request Forgery in the CrawlWP SEO WordPress plugin (versions through 3.0.16) allows an unauthenticated attacker to perform unauthorized state-changing actions on behalf of an authenticated site administrator. Exploitation requires social engineering - a logged-in admin must be tricked into visiting a malicious page that silently submits a forged request. The integrity impact is low, limited to unauthorized configuration changes within the plugin's functionality. No public exploit code or active exploitation has been identified at time of analysis, consistent with the vulnerability's low CVSS base score of 4.3.