CSRF vulnerability | WordPress.org

Resolved aboutsource
(@aboutsource)

9 years, 4 months ago

Taken from https://wpvulndb.com/vulnerabilities/7715

Description: Any registered user can delete all WordPress database tables and files. A browser request makes it possible: http://wp.dev/wp-admin/admin-ajax.php?action=uninstall
The plugin does not check for user rights

https://wordpress.org/plugins/uninstall/

Viewing 1 replies (of 1 total)

Plugin Author Ronni
(@quackquacker)

9 years, 3 months ago

Thanks for the notice, sorry about the delay, I did not notice it.

The plugin now checks if the user trying to uninstall is administrator.

As a added bonus I have added a warning not to activate the plugin unless your ready to get everything uninstalled.

Viewing 1 replies (of 1 total)

The topic ‘CSRF vulnerability’ is closed to new replies.

In: Plugins
1 reply
2 participants
Last reply from: Ronni
Last activity: 9 years, 3 months ago
Status: resolved