2 matches found
CVE-2024-8476
The Easy PayPal Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the wpeeventpluginbuttons function. This makes it possible for unauthenticated attackers to delete arbitrary...
WordPress Easy PayPal Events Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Easy PayPal Events Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-8476 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 61a92fe21d38 Credits Krzysztof Zając...