CVE-2019-14681
HIGHdeny_all_firewall < 1.1.7 - Cross-Site Request Forgery via Settings Removal
Title source: llmDescription
The Deny All Firewall plugin before 1.1.7 for WordPress allows wp-admin/options-general.php?page=daf_settings&daf_remove=true CSRF.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.pluginvulnerabilities.com/2019/06/21/cross-site-request-forgery-csrf-vulnerability-in-deny-all-firewall/
Third Party Advisory x_refsource_misc
https://wordpress.org/plugins/deny-all-firewall/#developers
Scores
CVSS v3
8.8
EPSS
0.0080
EPSS Percentile
52.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (1)
deny_all_firewall_project/deny_all_firewall
< 1.1.7
Published
Aug 08, 2019
Tracked Since
Feb 18, 2026