2 matches found
CVE-2021-24779 WP Debugging < 2.11.0 - Unauthenticated Plugin's Settings Update
The WP Debugging WordPress plugin before 2.11.0 has its updatesettings function hooked to admininit and is missing any authorisation and CSRF checks, as a result, the settings can be updated by unauthenticated users...
CVE-2021-24779
Vulnerability summary: The WP Debugging WordPress plugin (versions before 2.11.0) is affected by an unauthenticated settings update flaw. The update_settings() function is hooked to admin_init and lacks authorization and CSRF checks, allowing unauthenticated users to modify plugin settings. Affec...