Invelity MyGLS Connect WordPress Plugin Cross-Site Request Forgery Vulnerability
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Invelity MyGLS Connect WordPress plugin, affecting versions through 1.1.1. This vulnerability allows object injection by forcing higher-privileged users to perform unintended actions while authenticated.
Impact
Exploitation of this vulnerability could enable object injection by tricking users with higher privileges into executing unintended actions.
Added: Sep 5, 2025, 2:50 PM
Updated: Sep 5, 2025, 6:36 PM
Vulnerability Rating
Custom Algorithm
spread
0.0impact
1.7exploitability
6.4remediation
0.0relevance
0.5threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.