PT-2025-50861
The BMLT WordPress Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.11.4. This is due to missing nonce validation on the 'BMLTPlugin create option' and 'BMLTPlugin delete option ' action. This makes it possible for unauthenticated attackers ...