CVE-2019-15773
The CVE-2019-15773 entry concerns the WordPress nd-travel plugin prior to 1.7. A nopriv_ AJAX action enables modification of the siteurl setting, meaning an unauthenticated user could alter the site URL via AJAX. Affected component: nd-travel plugin (WordPress). Root cause: insufficient access co...