2 matches found
CVE-2022-1831 WPlite <= 1.3.1 - Arbitrary Settings Update via CSRF
The WPlite WordPress plugin through 1.3.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2022-1831
CVE-2022-1831 affects the WordPress WPlite plugin up to version 1.3.1. The vulnerability is a cross-site request forgery (CSRF) flaw that skips CSRF checks when updating settings, enabling an authenticated (logged-in) attacker to cause an administrator to change configuration. Documented impact i...