2 matches found
CVE-2022-1912
The Button Widget Smartsoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation on the smartsoftbuttonsettings page. This makes it possible for unauthenticated attackers to update the plugins settings an...
CVE-2022-1912
The CVE-2022-1912 entry concerns the WordPress plugin Button Widget Smartsoft, affecting versions up to and including 1.0.1. The underlying issue is missing nonce validation on the smartsoftbutton_settings page, enabling CSRF. This allows unauthenticated attackers to update the plugin’s settings ...