2 matches found
CVE-2020-36743
The Product Catalog Simple plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.13. This is due to missing or incorrect nonce validation on the implecodesaveproductsmeta function. This makes it possible for unauthenticated attackers to update...
CVE-2020-36743
The CVE-2020-36743 entry concerns the WordPress Product Catalog Simple plugin (versions up to and including 1.5.13). The root cause is missing or incorrect nonce validation in the implecode_save_products_meta() function, allowing unauthenticated attackers to update product metadata by misleading ...