2 matches found
CVE-2023-4975 Website Builder by SeedProd <= 6.15.13.1 - Cross-Site Request Forgery to Settings Update
The Website Builder by SeedProd plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.15.13.1. This is due to missing or incorrect nonce validation on functionality in the builder.php file. This makes it possible for unauthenticated attackers to chan...
CVE-2023-4975
CVE-2023-4975 affects WordPress: Website Builder by SeedProd (Coming Soon/Theme Builder) up to version 6.15.13.1. The issue is CSRF in builder.php due to missing/incorrect nonce validation, enabling unauthenticated attackers to cause a settings update (e.g., changing the Stripe Connect token) by ...