2 matches found
CVE-2026-1455
The Whatsiplus Scheduled Notification for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the 'wsnfwsaveuserssettings' AJAX action. This makes it possible for unauthenticated...
WordPress Whatsiplus Scheduled Notification for Woocommerce plugin <= 1.0.1 - Cross-Site Request Forgery to 'wsnfw_save_users_settings' AJAX Action vulnerability
Cross-Site Request Forgery to 'wsnfwsaveuserssettings' AJAX Action vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Whatsiplus Scheduled Notification for Woocommerce versions = 1.0.1...