Cross-site request forgery (CSRF)
The Simple Membership WordPress plugin before 4.1.0 does not have a CSRF check in place when deleting Transactions, which could allow attackers to make a logged-in admin delete arbitrary transactions via a CSRF attack...
DAO proposals can be executed by anyone due to vulnerable TimelockController
Handle: cmichel. Vulnerability details: The GovernorAlpha inherits from a vulnerable TimelockController. This TimelockController allows an EXECUTOR role to escalate privileges and also gain the proposer role. See details on OZ and the fix here. The bug is that executeBatch chec...