2 matches found
CVE-2024-8319 Tourfic <= 2.11.20 - Cross-Site Request Forgery in Multiple Functions
The Tourfic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.11.20. This is due to missing or incorrect nonce validation on the tforderstatusemailresendfunction, tfvisitordetailseditfunction, tfcheckinoutdetailseditfunction,...
WordPress Tourfic Plugin <= 2.11.20 is vulnerable to Cross Site Request Forgery (CSRF)
Software Tourfic Type Plugin Vulnerable versions = 2.11.20 Fixed in 2.11.21 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-8319 Patch priority Low CVSS severity Low 4.3 Developer Themefic PSID 59cc85267376 Credits WordFence Required privilege...