4 matches found
CVE-2023-2549
The Feather Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions starting from 1.0.7 up to, and including, 1.1.1. This is due to missing nonce validation in the 'createTempAccountLink' function. This makes it possible for unauthenticated attackers to create a ne...
CVE-2023-2549
The Feather Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions starting from 1.0.7 up to, and including, 1.1.1. This is due to missing nonce validation in the 'createTempAccountLink' function. This makes it possible for unauthenticated attackers to create a ne...
CVE-2023-2549
The CVE-2023-2549 entry documents a CSRF vulnerability in the Feather Login Page plugin for WordPress, affecting versions 1.0.7 through 1.1.1. Root cause: missing nonce validation in the createTempAccountLink function. Consequence: unauthenticated attackers can create a new user with administrato...
WordPress Feather Login Page Plugin 1.0.7-1.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Feather Login Page Type Plugin Vulnerable versions 1.0.7-1.1.1 Fixed in 1.1.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-2549 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 17403ad53e50 Credits Lana Codes...