3 matches found
CVE-2020-36745
The WP Project Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.0. This is due to missing or incorrect nonce validation on the doupdates function. This makes it possible for unauthenticated attackers to trigger updates via a forged...
CVE-2020-36745
The CVE concerns the WP Project Manager WordPress plugin, affected versions up to and including 2.4.0. The root cause is missing or incorrect nonce validation in the do_updates() function, facilitating Cross-Site Request Forgery. This allows unauthenticated attackers to trigger updates by deliver...
CVE-2020-36745 WP Project Manager <= 2.4.0 - Cross-Site Request Forgery Bypass
The WP Project Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.0. This is due to missing or incorrect nonce validation on the doupdates function. This makes it possible for unauthenticated attackers to trigger updates via a forged...