CVE-2024-12170 ViewMedica Embed <= 1.4.15 - Cross-Site Request Forgery to SQL Injection

The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on the 'Viewmedica-Admin' page. This makes it possible for unauthenticated attackers to inject arbitrary SQL queries...

CVE-2024-12170

CVE-2024-12170 affects ViewMedica 9 WordPress plugin (versions up to 1.4.15). The vulnerability is a Cross-Site Request Forgery (CSRF) on the Viewmedica-Admin page that enables unauthenticated attackers to cause the system to accept forged requests. This can allow an admin-facing action to trigge...

WordPress ViewMedica Embed plugin <= 1.4.15 - Cross-Site Request Forgery to SQL Injection vulnerability

Cross-Site Request Forgery to SQL Injection vulnerability discovered by minhtuanact in WordPress Plugin ViewMedica 9 versions = 1.4.15...