3 matches found
CVE-2020-36749
The Easy Testimonials plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.1. This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to save custom fields via a...
CVE-2020-36749
CVE-2020-36749 affects the Easy Testimonials WordPress plugin (versions up to 3.6.1). The root cause is missing or incorrect nonce validation in saveCustomFields(), enabling CSRF so that unauthenticated attackers could save custom fields by tricking an administrator. Impact is unauthenticated arb...
CVE-2020-36749 Easy Testimonials <= 3.6.1 - Cross-Site Request Forgery Bypass
The Easy Testimonials plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.1. This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to save custom fields via a...