CVE-2025-48309

web-able · web-able BetPress

**A high-severity Cross-Site Request Forgery (CSRF) vulnerability in web-able BetPress allows an attacker to perform a Stored XSS attack, potentially leading to website compromise.**

Executive summary

A high-severity Cross-Site Request Forgery (CSRF) vulnerability in web-able BetPress allows an attacker to perform a Stored XSS attack, potentially leading to website compromise.

Vulnerability

The plugin is affected by a Cross-Site Request Forgery (CSRF) flaw: a state-changing request is accepted without a valid anti-CSRF token. This allows an unauthenticated attacker to trick an authenticated administrator into submitting a crafted request (typically by having the administrator's logged-in browser issue it from another site) that results in the injection of a persistent malicious script (Stored XSS) into the application.
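The pattern behind a CSRF-to-stored-XSS chain in a WordPress plugin, and its fix, as an added illustration that is not BetPress code: the option name, hook name, nonce action and function names are hypothetical, and the file assumes it is loaded inside WordPress as a plugin, since it uses the core plugin API. The vulnerable handler is shown only for contrast and is deliberately not hooked.

```php
<?php
/**
 * Illustration added to this advisory; not BetPress code. The option, hook and
 * nonce names are hypothetical. Assumes it runs inside WordPress as a plugin
 * file, because it relies on the core plugin API.
 */

// --- Vulnerable pattern (for contrast only; deliberately NOT hooked) ---------
// The handler trusts any POST reaching admin-post.php. If an administrator's
// logged-in browser is made to submit this form from another site, the raw
// HTML is persisted and later echoed unescaped: CSRF leading to stored XSS.
function demo_save_banner_vulnerable() {
    update_option( 'demo_banner_html', $_POST['banner'] ); // no nonce, no capability check, no sanitizing
    wp_safe_redirect( admin_url( 'options-general.php?page=demo-banner' ) );
    exit;
}
function demo_render_banner_vulnerable() {
    echo get_option( 'demo_banner_html' ); // unescaped output on every page view
}

// --- Hardened pattern --------------------------------------------------------
add_action( 'admin_post_demo_save_banner', 'demo_save_banner_hardened' );

function demo_save_banner_hardened() {
    // Authorization: only users allowed to manage options reach the update.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'demo' ), '', array( 'response' => 403 ) );
    }
    // CSRF: the nonce is tied to the user's session and this action. A request
    // forged from another origin cannot carry a valid one, so
    // check_admin_referer() terminates the request before anything is written.
    check_admin_referer( 'demo_save_banner_action', 'demo_nonce' );

    // Input sanitization: keep post-safe HTML only. wp_kses_post() strips
    // <script>, on* event handlers and javascript: URLs.
    $banner = isset( $_POST['banner'] ) ? wp_kses_post( wp_unslash( $_POST['banner'] ) ) : '';
    update_option( 'demo_banner_html', $banner );

    wp_safe_redirect( add_query_arg( 'updated', '1', admin_url( 'options-general.php?page=demo-banner' ) ) );
    exit;
}

function demo_render_banner_hardened() {
    // Output escaping: filter again on output, so a value written by another
    // code path (or stored before the fix) cannot execute either.
    echo wp_kses_post( get_option( 'demo_banner_html', '' ) );
}

// The settings form must emit the nonce the handler verifies.
function demo_banner_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="demo_save_banner">
        <?php wp_nonce_field( 'demo_save_banner_action', 'demo_nonce' ); ?>
        <textarea name="banner"><?php echo esc_textarea( get_option( 'demo_banner_html', '' ) ); ?></textarea>
        <?php submit_button( __( 'Save banner', 'demo' ) ); ?>
    </form>
    <?php
}
```

Note that the capability check alone would not have closed this issue: the administrator in the advisory's scenario is authorized, so `current_user_can()` passes. The nonce check is what defeats the forged request, and the sanitizing on write plus escaping on read is what prevents whatever does get stored from becoming stored XSS.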

Business impact

Rated as High severity with a CVSS score of 7.1, this vulnerability poses a significant risk. An attacker can use this flaw to execute arbitrary JavaScript in the browsers of users visiting the site. This could be used to steal session cookies, capture credentials, perform unauthorized actions on behalf of users, or redirect them to malicious websites.

Remediation

Immediate Action: Update the web-able BetPress plugin to the latest patched version from the vendor to eliminate the vulnerability.

Proactive Monitoring: Scan the website's frontend and backend for any unexpected behavior or injected scripts. Monitor logs for unusual administrative actions.

Compensating Controls: Implement a Web Application Firewall (WAF) to block CSRF attempts and filter requests containing XSS payloads as an interim layer of defense while the update is rolled out; a WAF reduces exposure but does not remove the underlying flaw.
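For the Proactive Monitoring step, a small scanner for stored values, added here as an example and not part of the advisory or the vendor's code. It walks rows of the kind an administrator would pull from wp_options or post_content, unserializes option arrays, decodes HTML entities (a common way injected markup evades naive `<script` searches), and reports which indicator matched in which row. The `$sample` rows are constructed for the demonstration; in a real review the function is fed the site's actual rows.

```php
<?php
/**
 * Detection helper added to this advisory (not vendor code). Scans stored
 * values for markers of injected script and reports pattern and row.
 * The $sample rows below are constructed; feed real wp_options / post_content
 * rows in practice.
 */
function find_injected_markup( array $rows ): array {
    $patterns = array(
        'script_tag'     => '/<script\b/i',
        'remote_script'  => '/<script\b[^>]*\bsrc\s*=\s*["\']?\s*(?:https?:)?\/\//i',
        'event_handler'  => '/<[^>]*\son[a-z]+\s*=/i',
        'javascript_uri' => '/\b(?:href|src|action|data)\s*=\s*["\']?\s*javascript:/i',
        'iframe_or_obj'  => '/<(?:iframe|object|embed)\b/i',
    );
    $hits = array();
    foreach ( $rows as $name => $value ) {
        // Options are often serialized arrays; unserialize (no object instantiation)
        // and flatten so nested strings are scanned as well.
        $decodedValue = is_string( $value ) ? @unserialize( $value, array( 'allowed_classes' => false ) ) : $value;
        $strings = array();
        flatten_strings( false === $decodedValue ? $value : $decodedValue, $strings );
        foreach ( $strings as $s ) {
            // Entity-encoded markup (e.g. &#106;avascript:) must be decoded before matching.
            $text = html_entity_decode( $s, ENT_QUOTES | ENT_HTML5, 'UTF-8' );
            foreach ( $patterns as $label => $re ) {
                if ( preg_match( $re, $text, $m, PREG_OFFSET_CAPTURE ) ) {
                    $hits[] = array(
                        'row'     => $name,
                        'pattern' => $label,
                        'excerpt' => substr( $text, max( 0, $m[0][1] - 20 ), 80 ),
                    );
                }
            }
        }
    }
    return $hits;
}

function flatten_strings( $value, array &$out ): void {
    if ( is_string( $value ) ) {
        $out[] = $value;
    } elseif ( is_array( $value ) || is_object( $value ) ) {
        foreach ( (array) $value as $v ) {
            flatten_strings( $v, $out );
        }
    }
}

// Constructed sample rows: a clean option, a clean serialized widget, and two injected values.
$sample = array(
    'blogname'         => 'Sports Blog',
    'widget_text'      => serialize( array( 2 => array( 'title' => 'Hello', 'text' => '<p>Plain text widget</p>' ) ) ),
    'demo_banner_html' => '<p>Welcome</p><script src="https://cdn.example.invalid/t.js"></script>',
    'demo_footer'      => '<a href="&#106;avascript:void(0)">Contact</a>',
);

foreach ( find_injected_markup( $sample ) as $hit ) {
    printf( "%-18s %-15s %s\n", $hit['row'], $hit['pattern'], str_replace( "\n", ' ', $hit['excerpt'] ) );
}
```

Hits need triage against a known-good baseline: some themes and analytics plugins legitimately store `<script>` tags in options, so the useful signal is a value that differs from a pre-incident export or appears in an option the plugin is not expected to write, correlated with the administrative actions in the logs mentioned above.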

Exploitation status

Public Exploit Available: false

Analyst recommendation

The ability to inject persistent malicious code into a website via a CSRF attack is a critical security issue. Given the High severity rating, immediate action is required. Administrators must update the BetPress plugin without delay to protect the website and its users.