2 matches found
CVE-2022-2435
The CVE-2022-2435 issue affects the AnyMind Widget plugin for WordPress (versions up to and including 1.1). The root cause is missing nonce protection on the createDOMStructure() function in ~/anymind-widget-id.php, enabling Cross-Site Request Forgery. Unauthenticated attackers could coerce an ad...
CVE-2022-2435 AnyMind Widget <= 1.1 - Cross-Site Request Forgery to Cross-Site Scripting
The AnyMind Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1. This is due to missing nonce protection on the createDOMStructure function found in the /anymind-widget-id.php file. This makes it possible for unauthenticated attackers to...