A vulnerability advisory was published for the Inspiro WordPress theme by WPZoom. The vulnerability arises due to a missing or incorrect security validation that enables an unauthenticated attacker to launch a Cross-Site Request Forgery (CSRF) attack.
Cross-Site Request Forgery (CSRF)
A CSRF vulnerability in the context of a WordPress site is an attack that relies on a user with admin privileges clicking a link, which in turn leverages that user’s credentials to execute a malicious action. The vulnerability has been assigned a CVSS threat rating of 8.1.
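As an added illustration (not code from the Inspiro theme or from the Wordfence advisory), the following shows the general shape a missing security validation takes in a WordPress admin action, next to the hardened form that a nonce check and a capability check give it. The handler names, the nonce action string and the option name are assumptions chosen for this example; the WordPress functions used (`add_action`, `check_admin_referer`, `current_user_can`, `wp_nonce_field`, `sanitize_key`, `wp_safe_redirect`) are real core APIs.

```php
<?php
/**
 * Added example (not code from Inspiro or Wordfence): a WordPress admin-post
 * handler with no CSRF protection, next to its hardened counterpart.
 * 'example_install_helper', 'example_helper_action', 'example_helper_nonce'
 * and 'example_pending_plugin' are assumed names for this illustration.
 */

// --- Vulnerable pattern: acts on POST data with no nonce or capability check.
// Any request that arrives with the administrator's session cookies is honoured,
// so a request forged by another site looks identical to a legitimate one.
function example_install_helper_unsafe() {
    $slug = isset( $_POST['plugin_slug'] ) ? sanitize_key( $_POST['plugin_slug'] ) : '';
    update_option( 'example_pending_plugin', $slug );
    wp_safe_redirect( admin_url( 'themes.php?page=example' ) );
    exit;
}

// --- Hardened pattern: verify the nonce (proves the request came from a form
// WordPress rendered for this user) and the capability (proves the user may
// perform the action at all). Both checks are needed; neither replaces the other.
function example_install_helper_safe() {
    // check_admin_referer() calls wp_die() on failure; the action string must
    // match the one used when the nonce field was generated.
    check_admin_referer( 'example_helper_action', 'example_helper_nonce' );

    if ( ! current_user_can( 'install_plugins' ) ) {
        wp_die( esc_html__( 'You are not allowed to do that.', 'example' ), 403 );
    }

    $slug = isset( $_POST['plugin_slug'] ) ? sanitize_key( $_POST['plugin_slug'] ) : '';
    update_option( 'example_pending_plugin', $slug );
    wp_safe_redirect( admin_url( 'themes.php?page=example' ) );
    exit;
}

// Register only the hardened handler for logged-in admin-post requests.
add_action( 'admin_post_example_install_helper', 'example_install_helper_safe' );

// The form that submits to the handler must carry the matching nonce field,
// otherwise check_admin_referer() rejects every submission, including real ones.
function example_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_install_helper" />
        <?php wp_nonce_field( 'example_helper_action', 'example_helper_nonce' ); ?>
        <input type="text" name="plugin_slug" />
        <?php submit_button( __( 'Queue plugin', 'example' ) ); ?>
    </form>
    <?php
}
```

When reviewing a theme or plugin for this class of bug, the check is simple: every handler registered on an `admin_post_*`, `wp_ajax_*` or `admin_init` hook that changes state should call `check_admin_referer()` or `wp_verify_nonce()` and a `current_user_can()` test before touching `$_POST` or `$_GET`. A nonce alone does not authorise the action, and a capability check alone does not prove the request was intended by the user.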
The advisory, issued by the WordPress security company Wordfence, warned:
“This makes it possible for unauthenticated attackers to install plugins from the repository via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.”
The vulnerability affects Inspiro theme versions up to and including 2.1.2. Users are advised to update their theme to the latest version.
Featured Image by Shutterstock/Kazantseva Olga