2 matches found
CVE-2020-36751
The Coupon Creator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on the savemeta function. This makes it possible for unauthenticated attackers to save meta fields via a forged request...
CVE-2020-36751
The CVE describes a CSRF vulnerability in the WordPress Coupon Creator plugin (up to version 3.1) caused by missing or incorrect nonce validation in the save_meta() function. This allows unauthenticated attackers to save meta fields by persuading an administrator to perform an action (e.g., click...