2 matches found
CVE-2023-2717
The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation on the 'enablesafemode' function. This makes it possible for unauthenticated attackers to enable safe mode, which disables all other...
CVE-2023-2717
CVE-2023-2717 affects the Groundhogg WordPress plugin up to version 2.7.9.8. The vulnerability is a CSRF flaw caused by missing nonce validation in the enable_safe_mode function, enabling unauthenticated attackers to trigger Safe Mode and disable all other plugins via a forged request if a site a...