CVE-2021-4394
CVE-2021-4394 – WordPress Locations plugin : A CSRF flaw in the Locations plugin for WordPress affects versions up to 3.2.1. The root cause is missing or incorrect nonce validation in the saveCustomFields() function, enabling unauthenticated attackers to modify custom field metadata by crafting a...