3 matches found
CVE-2020-36737
The Import / Export Customizer Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the astraadminerrors function. This makes it possible for unauthenticated attackers to display ...
CVE-2020-36737
The Import / Export Customizer Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the astraadminerrors function. This makes it possible for unauthenticated attackers to display ...
CVE-2020-36737
The CVE-2020-36737 vulnerability affects the WordPress Import / Export Customizer Settings plugin (versions up to 1.0.3). Root cause: missing/incorrect nonce validation in the astra_admin_errors() function, enabling CSRF. Impact: unauthenticated attackers can misuse forged requests to cause an im...