2 matches found
CVE-2023-0729
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxsavesortorder function. This makes it possible for unauthenticated attackers to invoke this function via...
CVE-2023-0729
The CVE-2023-0729 entry details a CSRF vulnerability in the Wicked Folders WordPress plugin up to version 2.18.16 due to missing or incorrect nonce validation in the ajax_save_sort_order function. This allows unauthenticated attackers to trigger admin actions via forged requests if the site admin...