The WaspThemes Visual CSS Style Editor (aka yellow-pencil-visual-theme-customizer) plugin before 7.2.1 for WordPress allows yp_option_update CSRF, as demonstrated by use of yp_remote_get to obtain admin access.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-05-13T04:03:16
Updated: 2019-05-15T02:06:04
Reserved: 2019-05-12T00:00:00
Link: CVE-2019-11886
JSON object: View
NVD Information
Status : Modified
Published: 2019-05-13T05:29:00.910
Modified: 2019-05-15T03:29:00.313
Link: CVE-2019-11886
JSON object: View
Redhat Information
No data.
CWE