2 matches found
CVE-2022-2233
The Banner Cycler plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. This is due to missing nonce protection on the pabcadminslidespostback function found in the /admin/admin.php file. This makes it possible for unauthenticated attackers to inje...
CVE-2022-2233
The CVE-2022-2233 entry relates to the Banner Cycler WordPress plugin (versions up to 1.4). A Cross-Site Request Forgery (CSRF) vulnerability exists due to missing nonce protection in the pabc_admin_slides_postback() function in ~/admin/admin.php, enabling unauthenticated attackers to induce an a...