CVE-2021-4396
The CVE refers to the Rucy WordPress plugin with a CSRF vulnerability up to version 0.4.4. The root cause is missing or incorrect nonce validation in the save_rc_post_meta() function, allowing unauthenticated attackers to save post meta by convincing a site admin to perform an action (e.g., click...