2 matches found
CVE-2020-35773
CVE-2020-35773 concerns the WordPress Site Offline plugin prior to 1.4.4, which lacks several nonce checks (wp_create_nonce/wp_verify_nonce), enabling cross‑site request forgery (CSRF). The documented impact states that a logged‑in administrator could be coerced into changing plugin settings via ...
CVE-2020-35773
The site-offline plugin before 1.4.4 for WordPress lacks certain wpcreatenonce and wpverifynonce calls, aka CSRF...