CVE-2024-7574

The Christmasify! plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.5. This is due to missing nonce validation on the 'options' function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious...

CVE-2024-7574

The Christmasify! plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.5. This is due to missing nonce validation on the 'options' function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious...

CVE-2024-7574

CVE-2024-7574 affects the Christmasify! WordPress plugin (versions

CVE-2024-7574 Christmasify! <= 1.5.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Christmasify! plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.5. This is due to missing nonce validation on the 'options' function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious...

PT-2024-38428 · WordPress · Christmasify!

Name of the Vulnerable Software and Affected Versions: Christmasify! plugin for WordPress versions up to, and including, 1.5.5 Description: The issue is related to Cross-Site Request Forgery due to missing nonce validation on the options function. This allows unauthenticated attackers to modify t...