WordPress WP VR – 360 Panorama and Virtual Tour Builder For WordPress Plugin <= 8.2.7 is vulnerable to Cross Site Request Forgery (CSRF)
This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. For example a password change which will then allow the malicious actor to login into the admin account.
Update the WordPress WP VR – 360 Panorama and Virtual Tour Builder For WordPress plugin to the latest available version (at least 8.2.8).
- 05 February 2023: Reported to Patchstack
- 06 February 2023: Vulnerability validated
- 14 February 2023: Vulnerability fixed
- 14 February 2023: Vulnerability disclosed