Description
WordPress Plugin copy-me is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin copy-me version 1.0.0 is vulnerable.
Remediation
Edit the source code to ensure that CSRF protection is implemented with Nonce-like mechanism or disable the plugin until a fix is available
References
http://seclists.org/fulldisclosure/2016/Dec/73
https://packetstormsecurity.com/files/140244/WordPress-Copy-Me-1.0.0-Cross-Site-Request-Forgery.html
Related Vulnerabilities
WordPress Plugin Display Widgets Spam Links Injection (2.6.3.1)
Jboss EAP Missing Release of Memory after Effective Lifetime Vulnerability (CVE-2022-0853)
PrestaShop Improper Authentication Vulnerability (CVE-2020-4074)
WordPress Plugin Polldaddy Polls & Ratings Cross-Site Scripting (2.0.31)
Oracle Database Server CVE-2009-3412 Vulnerability (CVE-2009-3412)