2 matches found
CVE-2020-36742
CVE-2020-36742 relates to the WordPress Custom Field Template plugin. A CSRF vulnerability exists in versions up to 2.5.1 due to missing or incorrect nonce validation on the edit_meta_value() function, enabling unauthenticated attackers to edit meta field values via forged requests if they can tr...
CVE-2020-36742 Custom Field Template <= 2.5.1 - Cross-Site Request Forgery Bypass
The Custom Field Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on the editmetavalue function. This makes it possible for unauthenticated attackers to edit meta field values vi...