CVE-2024-10581 DirectoryPress Frontend <= 2.7.9 - Cross-Site Request Forgery to Listing Status Update

The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9. This is due to missing or incorrect nonce validation on the dpfllistingStatusChange function. This makes it possible for unauthenticated attackers to update...

PT-2025-6498 · WordPress · Directorypress Frontend

Name of the Vulnerable Software and Affected Versions: DirectoryPress Frontend plugin for WordPress versions up to, and including, 2.7.9 Description: The issue is due to missing or incorrect nonce validation on the dpfl listingStatusChange function, making it possible for unauthenticated attacker...

WordPress DirectoryPress Frontend plugin <= 2.7.9 - Cross-Site Request Forgery to Listing Status Update vulnerability

Cross-Site Request Forgery to Listing Status Update vulnerability discovered by incognito in WordPress Plugin DirectoryPress Frontend versions = 2.7.9...