Cross-Site Request Forgery (CSRF) Vulnerability in 2by2host Widget Logic Plugin for WordPress

CVE-2019-12826 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

A Cross-Site Request Forgery (CSRF) vulnerability in widget_logic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code. The plugin attaches PHP snippets to widgets and eval's them to determine each widget's visibility dynamically; an attacker who crafts a malicious POST request can trick an administrator into adding such a snippet.
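
The class of flaw described above, shown as an added example (not the plugin's code and not its 5.10.2 fix): a WordPress admin handler that stores a snippet without proving the request came from the administrator's own form, beside a version that does. The `ex_` function names, the action name and the option key are hypothetical; the file is meant to be loaded by WordPress as a plugin.

```php
<?php
/* Plugin Name: CSRF handler comparison (added illustration, hypothetical names) */

const EX_ACTION = 'ex_save_widget_snippet'; // hypothetical admin-post action
const EX_OPTION = 'ex_widget_snippets';     // hypothetical option key

// Admin form: wp_nonce_field() embeds a token bound to this user and action.
function ex_render_snippet_form( $widget_id, $snippet ) {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="' . esc_attr( EX_ACTION ) . '">';
    echo '<input type="hidden" name="widget_id" value="' . esc_attr( $widget_id ) . '">';
    wp_nonce_field( EX_ACTION, 'ex_nonce' );
    echo '<textarea name="snippet">' . esc_textarea( $snippet ) . '</textarea>';
    submit_button( 'Save' );
    echo '</form>';
}

// Vulnerable shape (defined for comparison, never hooked): any POST carrying
// the administrator's cookies is accepted, including one sent by another site.
function ex_save_snippet_vulnerable() {
    $all = get_option( EX_OPTION, array() );
    $all[ sanitize_key( $_POST['widget_id'] ) ] = wp_unslash( $_POST['snippet'] );
    update_option( EX_OPTION, $all ); // value is later eval'd => code execution
}

// Hardened shape: capability check, then nonce check, then input presence.
function ex_save_snippet_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    // Dies unless $_REQUEST['ex_nonce'] is a valid nonce for EX_ACTION.
    check_admin_referer( EX_ACTION, 'ex_nonce' );
    if ( ! isset( $_POST['widget_id'], $_POST['snippet'] ) ) {
        wp_die( 'Bad request', '', array( 'response' => 400 ) );
    }
    $all = get_option( EX_OPTION, array() );
    $all[ sanitize_key( $_POST['widget_id'] ) ] = wp_unslash( $_POST['snippet'] );
    update_option( EX_OPTION, $all );
    wp_safe_redirect( admin_url( 'widgets.php' ) );
    exit;
}
add_action( 'admin_post_' . EX_ACTION, 'ex_save_snippet_hardened' );
```

The nonce only establishes that the administrator submitted the form; because the stored value is still evaluated as PHP, access to the form itself remains equivalent to code execution and should stay limited to trusted roles.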