3 matches found
CVE-2023-4628
The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the ladiflowsavehook function in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to update the 'ladiflowhookconfigs' option via a forged request...
CVE-2023-4628 LadiApp <= 4.4 - Cross-Site Request Forgery via ladiflow_save_hook()
The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the ladiflowsavehook function in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to update the 'ladiflowhookconfigs' option via a forged request...
CVE-2023-4628
The CVE-2023-4628 case concerns the LadiApp WordPress ladipage plugin. A missing nonce check in ladiflow_save_hook() (versions ≤ 4.4) enables unauthenticated attackers to forge requests and update the ladiflow_hook_configs option, potentially convincing an admin to perform actions. Affected produ...