The vulnerability of the admin_notice() function in the ProfilePress plugin of the WordPress content management system allows a hacker to execute a CSRF attack.

The vulnerability of the adminnotice function in the ProfilePress plugin of the WordPress content management system is related to the manipulation of cross-site requests due to incorrect validation of the value of a one-time code called “nonce”. Exploiting this vulnerability could allow a malicio...

ProfilePress < 4.13.2 Cross-Site Request Forgery via 'admin_notice'

Description The ProfilePress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.13.1. This is due to missing or incorrect nonce validation on the 'adminnotice' function. This makes it possible for unauthenticated attackers to dismiss admin notices...

CVE-2023-2916

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'adminnotice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. ...

CVE-2023-2916

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'adminnotice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. ...

Privilege escalation

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'adminnotice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. ...