The WordPress plugin “bbPress Members Only” was recently found to be vulnerable to CSRF (Cross-Site Request Forgery) attacks in versions before 1.2.1. A CSRF attack forces an authenticated user to perform an action on a web application that they did not intend to perform. Generally, this happens through some form of social engineering (such as phishing), where the authenticated user clicks a link that ultimately sends a request on that user’s behalf. Depending on the web application, a successful CSRF attack can be used to do anything that the user can, including creating a new account or escalating privileges for the attacker.
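To show what this class of bug looks like in a WordPress plugin and how it is closed, here is an added example (not code from bbPress Members Only or from the original write-up) of a settings handler without and with a nonce check. The `example_mo_*` action, option and field names are hypothetical; the WordPress functions are the standard core APIs.

```php
<?php
// Added example: hypothetical plugin code, names prefixed example_mo_ are assumptions.

// BEFORE: the handler checks capability but not request origin.
// The browser attaches the admin's session cookie to any POST sent to
// admin-post.php, so the capability check alone cannot tell a forged
// request from one submitted through the plugin's own settings form.
add_action( 'admin_post_example_mo_save_insecure', function () {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    $url = esc_url_raw( wp_unslash( $_POST['redirect_url'] ?? '' ) );
    update_option( 'example_mo_redirect_url', $url );
    wp_safe_redirect( admin_url( 'options-general.php?page=example-mo' ) );
    exit;
} );

// AFTER, part 1: the settings form embeds a nonce tied to the current
// user, session and the action string 'example_mo_save'.
function example_mo_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_mo_save">
        <?php wp_nonce_field( 'example_mo_save', 'example_mo_nonce' ); ?>
        <input type="url" name="redirect_url">
        <?php submit_button(); ?>
    </form>
    <?php
}

// AFTER, part 2: the handler rejects any request that lacks a valid nonce
// before touching state. A third-party page cannot read the nonce, so a
// forged request fails here even though the session cookie is present.
add_action( 'admin_post_example_mo_save', function () {
    check_admin_referer( 'example_mo_save', 'example_mo_nonce' ); // dies with 403 on failure
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    $url = esc_url_raw( wp_unslash( $_POST['redirect_url'] ?? '' ) );
    update_option( 'example_mo_redirect_url', $url );
    wp_safe_redirect( admin_url( 'options-general.php?page=example-mo' ) );
    exit;
} );
```

When reviewing a plugin for this issue, look for `admin_post_*`, `wp_ajax_*` and `admin_init` callbacks that write options or user data without a `check_admin_referer()`, `check_ajax_referer()` or `wp_verify_nonce()` call ahead of the write.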
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is