CVE-2019-14681

CVE-2019-14681

EPSS 0.8%

The Deny All Firewall plugin before 1.1.7 for WordPress allows wp-admin/options-general.php?page=daf_settings&daf_remove=true CSRF.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://wordpress.org/plugins/deny-all-firewall/#developers https://www.pluginvulnerabilities.com/2019/06/21/cross-site-request-forgery-csrf-vulnerability-in-deny-all-firewall/