CVE-2021-4419

The WP-Backgrounds Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the inosavedata function. This makes it possible for unauthenticated attackers to save meta data via a forged...

CVE-2021-4419

The CVE-2021-4419 entry describes a Cross-Site Request Forgery in the WordPress plugin WP-Backgrounds Lite (versions up to 2.3). The vulnerability arises from missing or incorrect nonce validation in the ino_save_data() function, enabling unauthenticated attackers to save metadata via forged requ...

WordPress Plugin WP-Backgrounds Lite 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

WordPress WP-Backgrounds Lite plugin <= 2.3 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Jerome Bruandet NinTechNet in WordPress WP-Backgrounds Lite plugin versions = 2.3. Solution This plugin has been closed as of June 15, 2021 and is not available for download. Reason: Security Issue...