3 matches found
CVE-2021-4404
The Event Espresso 4 Decaf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.11. This is due to missing or incorrect nonce validation on the ajaxHandler function. This makes it possible for unauthenticated attackers to op into notifications vi...
CVE-2021-4404
CVE-2021-4404 concerns the WordPress plugin Event Espresso 4 Decaf. A CSRF vulnerability exists in versions up to 4.10.11 due to missing/incorrect nonce validation in the ajaxHandler() function. This enables unauthenticated attackers to trigger actions by tricking an administrator into performing...
CVE-2021-4404 Event Espresso 4 Decaf <= 4.10.11 - Cross-Site Request Forgery Bypass
The Event Espresso 4 Decaf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.11. This is due to missing or incorrect nonce validation on the ajaxHandler function. This makes it possible for unauthenticated attackers to op into notifications vi...