Infigo Software IS-Theme-Companion Cross-Site Request Forgery Vulnerability Allowing Object Injection

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Infigo Software IS-theme-companion plugin, affecting versions through 1.57. The CSRF allows Object Injection: an attacker could manipulate higher-privileged users into performing unintended actions, potentially leading to the injection of malicious objects.

Impact

Exploitation of this vulnerability could force users with higher privileges to execute unwanted actions, taking advantage of their current authentication status.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 6.4
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.