2 matches found
CVE-2022-3240
The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMediaoptionspage function. This makes it possible for unauthenticated attackers to modify the plugin'...
CVE-2022-3240
The CVE-2022-3240 entry concerns WordPress plugin Follow Me Plugin (versions ≤ 3.1.1). Root cause: missing nonce validation on FollowMeIgniteSocialMedia_options_page() enables CSRF, allowing unauthenticated attackers to alter plugin settings and inject JavaScript; WPVulnDB also notes potential St...