CVE-2023-4629
CVE-2023-4629 affects the LadiApp WordPress plugin (up to v4.3) and is due to a missing nonce check in save_config(), enabling CSRF. This allows unauthenticated attackers to update the ladipage_config option by tricking an administrator into performing an action (e.g., clicking a forged link). Im...