3 matches found
CVE-2021-4397
The Staff Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6. This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to save custom fields via ...
CVE-2021-4397
CVE-2021-4397 affects the WordPress Staff Directory Plugin up to version 3.6, where CSRF is possible due to missing/incorrect nonce validation in saveCustomFields(). Unauthenticated attackers could trigger saving custom fields by tricking an admin. Mitigation per connected data: update to a versi...
CVE-2021-4397 Staff Directory Plugin <= 3.6 - Cross-Site Request Forgery Bypass
The Staff Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6. This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to save custom fields via ...