2 matches found
CVE-2022-0707
The Easy Digital Downloads WordPress plugin before 2.11.6 does not have CSRF check in place when inserting payment notes, which could allow attackers to make a logged admin insert arbitrary notes via a CSRF attack...
CVE-2022-0707
The CVE concerns the Easy Digital Downloads WordPress plugin, specifically versions before 2.11.6. It states that there is no CSRF check when inserting payment notes, enabling a logged-in administrator to insert arbitrary notes via CSRF. The Red Hat/CNVD records confirm this as a cross-site reque...