CVE-2016-10962 β€” Cross-Site Request Forgery in Engage

CWE-352 β€” Cross-Site Request Forgery3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 65.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Icegram Engage
Timeline
PublishedSep 16
Latest updateMay 24

Description

The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-admin/edit.php option_name parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

β–ΆNVDicegram/icegram_engage< 1.9.19

πŸ”΄Vulnerability Details

2
GHSA
GHSA-jrh8-hwhr-wvmg: The icegram plugin before 1β†—2022-05-24
β–Ά
CVEList
CVE-2016-10962: The icegram plugin before 1β†—2019-09-16
β–Ά
CVE-2016-10962 β€” Cross-Site Request Forgery in Engage | cvebase