2 matches found
CVE-2024-2969 WP-Eggdrop <= 0.1 - Cross-Site Request Forgery to Settings Update
The WP-Eggdrop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on the wpeggupdateOptions function. This makes it possible for unauthenticated attackers to update the plugin's settings...
CVE-2024-2969
CVE-2024-2969 affects the WP-Eggdrop WordPress plugin (all versions up to 0.1). It is a CSRF flaw caused by missing/incorrect nonce validation in wpegg_updateOptions(), allowing unauthenticated attackers to trigger plugin setting updates via forged requests if a site admin is induced to perform a...