Wow-Company WP Coder Plugin Cross-Site Request Forgery Vulnerability Allowing Cross-Site Scripting

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Wow-Company WP Coder plugin, affecting versions through 3.6. The plugin does not sufficiently protect against CSRF, so an attacker could manipulate a user with higher privileges into performing actions that lead to Cross-Site Scripting (XSS).

Impact

Exploitation of this vulnerability could allow attackers to perform actions on behalf of users with higher privileges, potentially leading to Cross-Site Scripting (XSS).

Remediation

Users of the WP Coder plugin should update to version 3.6.1 or later. Patchstack users can enable auto-updates for vulnerable plugins.
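To confirm that a site is on a fixed release, the installed version can be read from the plugin's header comment and compared numerically against 3.6.1. The following is an added example, not code from the advisory or the plugin; the path passed to `check_plugin_file` (the plugin's main PHP file) is an assumption the operator supplies, and the sample headers are constructed.

```python
import re
from pathlib import Path

FIXED_VERSION = "3.6.1"  # first fixed release named in the advisory

# WordPress reads plugin metadata from a "Version:" line in the header
# comment of the plugin's main PHP file.
_VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*([0-9][0-9A-Za-z.\-]*)", re.I | re.M)


def header_version(php_source):
    """Return the Version header value, or None if it is absent."""
    match = _VERSION_RE.search(php_source[:8192])  # header sits near the top
    return match.group(1) if match else None


def version_key(version):
    """Turn '3.10' into (3, 10, 0) so comparison is numeric, not textual."""
    parts = [int(p) for p in re.findall(r"\d+", version)][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def is_vulnerable(version, fixed=FIXED_VERSION):
    """True when the version predates the fixed release."""
    return version_key(version) < version_key(fixed)


def check_plugin_file(path):
    """Classify one plugin main file: 'vulnerable', 'patched' or 'unknown'."""
    version = header_version(Path(path).read_text(errors="replace"))
    if version is None:
        return "unknown"
    return "vulnerable" if is_vulnerable(version) else "patched"


# Constructed sample headers, not taken from the real plugin.
SAMPLE_OLD = "<?php\n/**\n * Plugin Name: Example\n * Version: 3.6\n */\n"
SAMPLE_NEW = "<?php\n/**\n * Plugin Name: Example\n * Version:     3.10.2\n */\n"

if __name__ == "__main__":
    for label, src in (("old", SAMPLE_OLD), ("new", SAMPLE_NEW)):
        v = header_version(src)
        print(label, v, "vulnerable" if is_vulnerable(v) else "patched")
```

Comparing versions as strings would rank 3.10.2 below 3.6.1 and report a patched site as vulnerable, which is why the check compares integer tuples.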

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.2
impact: 1.7
exploitability: 6.5
remediation: 7.9
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.