2 matches found
CVE-2023-4000
The Waiting: One-click countdowns plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to create and delete countdown...
CVE-2023-4000
CVE-2023-4000 concerns the WordPress plugin Waiting: One-click countdowns (≤ 0.6.2). The root cause is missing or incorrect nonce validation on AJAX actions, enabling CSRF and allowing unauthenticated attackers to create or delete countdowns if a site admin is tricked into performing an action (e...