2 matches found
CVE-2022-1749 WPMK Ajax Finder <= 1.0.1 - Cross-Site Request Forgery to Cross-Site Scripting
The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createpluginatfadminsettingpage function found in the /inc/config/create-plugin-config.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up to and...
CVE-2022-1749
CVE-2022-1749 concerns the WordPress plugin WPMK Ajax Finder (versions up to and including 1.0.1). The vulnerability is a Cross-Site Request Forgery (CSRF) flaw caused by a missing nonce check in the function createplugin_atf_admin_setting_page() within the file ~/inc/config/create-plugin-config....