2 matches found
CVE-2021-24635
The CVE-2021-24635 entry refers to the Visual Link Preview WordPress plugin prior to version 2.2.3. The issue is an access-control flaw where the plugin does not enforce authorization for multiple AJAX actions and exposes a CSRF nonce to any authenticated user. As a result, an authenticated user ...
CVE-2021-24635 Visual Link Preview < 2.2.3 - Unauthorised AJAX Calls
The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user such as subscriber to call them and 1 Get and search through title and content of Draft post, ...