PT-2026-3224

The LEAV Last Email Address Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions = 1.7.1. This is due to missing or incorrect nonce validation on the display settings page function. This makes it possible for unauthenticated attackers to modify plugin settings vi...