4 matches found
CVE-2021-24735
The Compact WP Audio Player WordPress plugin before 1.9.7 does not implement nonce checks, which could allow attackers to make a logged in admin change the "Disable Simultaneous Play" setting via a CSRF attack...
CVE-2021-24735
The Compact WP Audio Player WordPress plugin before 1.9.7 does not implement nonce checks, which could allow attackers to make a logged in admin change the "Disable Simultaneous Play" setting via a CSRF attack...
CVE-2021-24735
The CVE-2021-24735 entry concerns the WordPress plugin Compact WP Audio Player (pre-1.9.7). Connected sources corroborate a CSRF vulnerability caused by missing nonce checks, enabling an attacker with a logged‑in admin session to change the Disable Simultaneous Play setting. Affected version rang...
CVE-2021-24735 Compact WP Audio Player < 1.9.7 - Setting Change via CSRF
The Compact WP Audio Player WordPress plugin before 1.9.7 does not implement nonce checks, which could allow attackers to make a logged in admin change the "Disable Simultaneous Play" setting via a CSRF attack...