4 matches found
CVE-2022-2555
The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks nonce check when updating its settings, which could allow attacker to make a logged in admin change them via a CSRF attack...
CVE-2022-2555
The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks nonce check when updating its settings, which could allow attacker to make a logged in admin change them via a CSRF attack...
CVE-2022-2555
The CVE-2022-2555 entry concerns the Yotpo Reviews for WooCommerce WordPress plugin (versions 2.0.4 and earlier). The root cause is missing nonce validation when updating plugin settings, enabling CSRF where a logged-in admin could change settings. Impact is unauthorized configuration changes; ex...
CVE-2022-2555 Yotpo Reviews for WooCommerce <= 2.0.4 - Arbitrary Settings Update via CSRF
The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks nonce check when updating its settings, which could allow attacker to make a logged in admin change them via a CSRF attack...