CVE-2023-6243 EventON PRO - WordPress Virtual Event Calendar Plugin <= 4.6.8 - Cross-Site Request Forgery via admin_test_email
The EventON PRO - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.8. This is due to missing or incorrect nonce validation on the admintestemail function. This makes it possible for unauthenticated...