3 matches found
CVE-2022-3852
The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to delete, and modify calendars as well as the...
CVE-2022-3852
The VR Calendar plugin for WordPress (versions up to 2.3.3) is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation on several functions. This enables unauthenticated attackers to delete or modify calendars and plugin settings by inducing an admin to perform forged a...
CVE-2022-3852 VR Calendar <= 2.3.3 - Cross-Site Request Forgery
The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to delete, and modify calendars as well as the...