Description
The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows an attacker to delete quizzes.
References (3)
Core 3
Core References
Not Applicable, Third Party Advisory x_refsource_misc
https://wordpress.org/plugins/watupro/#developers
Exploit, Third Party Advisory x_refsource_misc
https://advisories.dxw.com/advisories/csrf-in-watu-pro-allows-unauthenticated-attackers-to-delete-quizzes/
Product, Third Party Advisory
https://calendarscripts.info/watupro/
Scores
CVSS v3
4.3
EPSS
0.0056
EPSS Percentile
42.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Details
CWE
CWE-352
Status
published
Products (1)
kibokolabs/watupro
< 4.9.0.8
Published
Sep 26, 2019
Tracked Since
Feb 18, 2026