CVE-2018-1000505

EUVD-2018-1903
Tooltipy (tooltips for WP) version 5 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page that can result in could allow anybody to duplicate posts. This attack appear to be exploitable via Admin must follow a link. This vulnerability appears to have been fixed in 5.1.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
Affected Products (NVD)
VendorProductVersion
tooltipytooltipy
5.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://advisories.dxw.com/advisories/csrf-in-tooltipy/
https://advisories.dxw.com/advisories/csrf-in-tooltipy/