3 matches found
PT-2023-16510 · WordPress · Clock In Portal- Staff & Attendance Management
Name of the Vulnerable Software and Affected Versions: The Clock In Portal- Staff & Attendance Management WordPress plugin versions 2.1 and earlier Description: The issue is related to the lack of a CSRF check when deleting designations, which could allow attackers to make logged-in admins delete...
Clock In Portal <= 2.1 - Designation Deletion via CSRF
The plugin does not have CSRF check when deleting designations, which could allow attackers to make logged in admins delete arbitrary designations via a CSRF attack PoC Make a logged in admin open a page with the code below, this will make them delete the Designation with ID 2...
Clock In Portal <= 2.1 - Designation Deletion via CSRF
The plugin does not have CSRF check when deleting designations, which could allow attackers to make logged in admins delete arbitrary designations via a CSRF attack Make a logged in admin open a page with the code below, this will make them delete the Designation with ID 2...