2 matches found
CVE-2022-2540
The Link Optimizer Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 1.4.5. This is due to missing nonce validation on the adminpage function found in the /admin.php file. This makes it possible for unauthenticated...
CVE-2022-2540
The CVE concerns the WordPress plugin Link Optimizer Lite (versions up to and including 1.4.5). The underlying issue is missing nonce validation in the admin.php function, enabling CSRF that can lead to Cross‑Site Scripting. The vulnerability could allow unauthenticated attackers to modify plugin...