2 matches found
MINI-MRFQ-WC95-PRH7
Bulletin has no description...
WPHEKA Request For Quote < 1.3 - CSRF Bypass
The plugin does not properly check for CSRF in its actionwphekaaddtoquote and actionremoveitemfromrfqlist AJAX actions, allowing attacker to make users call them and perform unwanted actions...