CVE-2021-4405
The ElasticPress plugin for WordPress is vulnerable to CSRF in versions up to and including 3.5.3 due to missing or incorrect nonce validation in the epio_send_autosuggest_allowed() function. This allows unauthenticated attackers to submit autosuggest parameters to elasticpress.io via forged requ...