4 matches found
CVE-2021-25073
The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in various action, for example when deleting an ad, allowing attackers to make a logged in admin delete them via a CSRF attack...
CVE-2022-3427
The Corner Ad plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.56. This is due to missing or incorrect nonce validation on its corneradsettingspage function. This makes it possible for unauthenticated attackers to trigger the deletion of ads v...
WP125 < 1.5.5 - Arbitrary Ad Deletion via CSRF
The plugin does not have CSRF checks in various action, for example when deleting an ad, allowing attackers to make a logged in admin delete them via a CSRF attack PoC https://example.com/wp-admin/admin.php?page=wp125addedit=1...
WP125 < 1.5.5 - Arbitrary Ad Deletion via CSRF
The plugin does not have CSRF checks in various action, for example when deleting an ad, allowing attackers to make a logged in admin delete them via a CSRF attack https://example.com/wp-admin/admin.php?page=wp125addedit&deletead=1...