WordPress ScrollTo Bottom plugin <= 1.1.1 - Cross-Site Request Forgery to Arbitrary File Upload vulnerability

Cross-Site Request Forgery to Arbitrary File Upload vulnerability discovered by István Márton in WordPress Plugin ScrollTo Bottom versions = 1.1.1...

WordPress plugin ScrollTo Bottom security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

PT-2024-37542 · WordPress · Scrollto Bottom

Name of the Vulnerable Software and Affected Versions: ScrollTo Bottom plugin for WordPress versions up to, and including, 1.1.1 Description: The issue is due to missing nonce validation and missing file type validation in the options page function, making it possible for unauthenticated attacker...