2 matches found
CVE-2021-4403
The Remove Schema plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the validate function. This makes it possible for unauthenticated attackers to modify the plugins settings via a forged...
CVE-2021-4403
The CVE-2021-4403 entry concerns the WordPress Remove Schema plugin (versions up to 1.5). The root cause is missing/incorrect nonce validation in the validate() function, enabling CSRF where unauthenticated attackers could modify plugin settings via a forged request if a site admin is tricked int...