2 matches found
CVE-2022-3336
The Event Monster WordPress plugin (versions prior to 1.2.0) is vulnerable to Cross-Site Request Forgery (CSRF) when deleting visitors due to missing CSRF checks. This could allow a logged-in administrator to delete arbitrary visitors via a CSRF attack. Root cause: lack of CSRF verification in th...
CVE-2022-3336 Event Monster < 1.2.0 - Visitors Deletion via CSRF
The Event Monster WordPress plugin before 1.2.0 does not have CSRF check when deleting visitors, which could allow attackers to make logged in admin delete arbitrary visitors via a CSRF attack...