FlatPress CMS Cross-Site Request Forgery Vulnerability Allowing Unauthorized Plugin Management

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the latest version of FlatPress CMS. This issue allows an attacker to change plugin settings on behalf of an authenticated user. By crafting a malicious link or script, an attacker can exploit this vulnerability to enable or disable plugins without the victim's consent. Because the browser attaches the victim's session cookie automatically, the server processes these requests as if the legitimate user had initiated them, resulting in unauthorized changes to plugin management. This vulnerability has been addressed in version 1.4.dev.
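The standard mitigation for the class of issue described above is to bind every state-changing admin action to a per-session synchronizer token that a third-party page cannot read, and to reject requests that lack it. The following PHP is an added example written for this advisory; it is not FlatPress code and does not use FlatPress's own functions. The handler name `handle_plugin_toggle`, the form field names and the commented-out `set_plugin_state` persistence call are hypothetical.

```php
<?php
// Added example (not FlatPress code): synchronizer-token protection for a
// state-changing admin action such as enabling or disabling a plugin.

// Defense in depth: a SameSite session cookie stops most cross-site POSTs
// before the token check even runs (PHP 7.3+ cookie options).
session_set_cookie_params([
    'httponly' => true,
    'samesite' => 'Lax',
]);
session_start();

// Return the session's CSRF token, creating it on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison of the submitted token with the session token.
// A missing session token fails closed.
function csrf_verify(?string $submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return is_string($submitted)
        && $expected !== ''
        && hash_equals($expected, $submitted);
}

// Hypothetical handler for the plugin enable/disable action.
// $post is the submitted form data (normally $_POST).
function handle_plugin_toggle(array $post, string $method): string
{
    // State changes must not be reachable through GET links.
    if ($method !== 'POST') {
        return 'Rejected: method not allowed';
    }
    if (!csrf_verify($post['csrf_token'] ?? null)) {
        return 'Rejected: missing or invalid CSRF token';
    }

    $plugin = $post['plugin'] ?? '';
    $action = $post['action'] ?? '';
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $plugin)
        || !in_array($action, ['enable', 'disable'], true)) {
        return 'Rejected: bad parameters';
    }

    // set_plugin_state($plugin, $action === 'enable'); // hypothetical persistence call
    return "OK: {$action} {$plugin}";
}

// The admin page embeds the token as a hidden field so only a form rendered
// by the application (same origin, same session) can submit a valid request.
function plugin_toggle_form(string $plugin): string
{
    $token  = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    $name   = htmlspecialchars($plugin, ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="admin.php?p=plugins">'
        . '<input type="hidden" name="csrf_token" value="' . $token . '">'
        . '<input type="hidden" name="plugin" value="' . $name . '">'
        . '<button name="action" value="disable">Disable</button>'
        . '</form>';
}

// Usage: render the form on the admin page, and route the submission
// through the handler.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    echo handle_plugin_toggle($_POST, $_SERVER['REQUEST_METHOD']);
} else {
    echo plugin_toggle_form('example-plugin'); // constructed plugin name
}
```

The token check is what closes the vulnerability; the `SameSite=Lax` cookie and the POST-only rule are secondary layers that also make the attack harder to reach and easier to spot in logs (a plugin toggle arriving by GET, or a POST with no token, is a useful detection signal).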

Impact

Exploitation of this vulnerability could result in unauthorized changes to plugin settings, potentially disrupting website functionality or introducing security risks.

Remediation

Users can upgrade to FlatPress CMS version 1.4.dev to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread          1.0
impact          0.6
exploitability  7.2
remediation     7.7
relevance       0.0
threat          3.2
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.