CVE-2014-5072
Description
Cross-site request forgery (CSRF) vulnerability in WP Security Audit Log plugin before 1.2.5 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CSRF vulnerability in WP Security Audit Log plugin before version 1.2.5 allows remote attackers to hijack authenticated admin sessions.
Vulnerability
The WP Security Audit Log plugin for WordPress versions before 1.2.5 contains a cross-site request forgery (CSRF) vulnerability. The exact vectors are unknown, but the flaw allows attackers to perform unauthorized actions on behalf of an authenticated administrator.
Exploitation
An attacker can craft a malicious link or page that, when visited by an authenticated admin, triggers unintended actions in the plugin. Publicly available exploit code demonstrates the attack [2].
Impact
Successful exploitation enables an attacker to hijack the authentication of the victim, potentially leading to unauthorized changes to the audit log settings or data, or other administrative actions.
Mitigation
The vulnerability is fixed in version 1.2.5 of the plugin. Users should update to the latest version. No workaround is documented.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: <1.2.5
- (no CPE) range: <1.2.5
Patches
No patches discovered yet.
References
- github.com/0pc0deFR/Exploits/tree/master/CVE-2014-5072 (MITRE x_refsource_MISC)
- www.wpsecurityauditlog.com/plugin-change-log/ (MITRE x_refsource_CONFIRM)