4 matches found
CVE-2024-12771
The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.43. This is due to missing or incorrect nonce validation on the 'customerpanelpasswordreset' function. This makes it possible for...
CVE-2024-12771
The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.43. This is due to missing or incorrect nonce validation on the 'customerpanelpasswordreset' function. This makes it possible for...
CVE-2024-12771
CVE-2024-12771 affects the eCommerce Product Catalog Plugin for WordPress. It is a CSRF vulnerability caused by missing nonce validation in customer_panel_password_reset, enabling unauthenticated attackers to reset the password of any administrator or customer account via a forged request if the ...
CVE-2024-12771 eCommerce Product Catalog Plugin for WordPress <= 3.3.43 - Cross-Site Request Forgery to Password Reset
The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.43. This is due to missing or incorrect nonce validation on the 'customerpanelpasswordreset' function. This makes it possible for...