2 matches found
CVE-2022-1846 Tiny Contact Form <= 0.7 - Arbitrary Settings Update via CSRF
The Tiny Contact Form WordPress plugin through 0.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2022-1846
The CVE-2022-1846 entry concerns the Tiny Contact Form WordPress plugin (version up to 0.7) that lacks a CSRF check when updating settings, enabling a logged-in administrator to be coerced into changing settings via a CSRF attack. The connected documents consistently describe the vulnerability as...