2 matches found
CVE-2021-24906 Protect WP Admin < 3.6.2 - Unauthenticated Plugin Deactivation
The Protect WP Admin WordPress plugin before 3.6.2 does not check for authorisation in the lib/pwa-deactivate.php file, which could allow unauthenticated users to disable the plugin and therefore the protection offered via a crafted request...
CVE-2021-24906
The CVE-2021-24906 entry concerns the WordPress Protect WP Admin plugin (pre-3.6.2). The vulnerability is an unauthenticated deactivation in lib/pwa-deactivate.php due to missing authorization checks, allowing an unauthenticated attacker to disable the plugin and its protection via a crafted requ...