2 matches found
CVE-2023-3254
The Widgets for Google Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.9. This is due to missing or incorrect nonce validation within setupnoregheader.php. This makes it possible for unauthenticated attackers to reset plugin settings a...
CVE-2023-3254
CVE-2023-3254 – Widgets for Google Reviews (WordPress) Technical details from connected sources confirm a CSRF vulnerability in versions up to 10.9 due to missing or incorrect nonce validation in setup_no_reg_header.php. This enables unauthenticated attackers to trigger forged requests that reset...