WordPress Password for WP plugin <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Password for WP versions = 1.5...

CVE-2024-11419 Password for WP <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Password for WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the get3initadminpage function. This makes it possible for unauthenticated attackers to update settings and injec...

CVE-2024-11419

CVE-2024-11419 affects the Password for WP WordPress plugin (versions up to and including 1.3). The vulnerability arises from missing or incorrect nonce validation in get3_init_admin_page(), enabling unauthenticated attackers to update plugin settings and inject script via forged requests. Wordfe...

WordPress plugin Password for WP 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site reques...