CVE-2023-4628 LadiApp <= 4.4 - Cross-Site Request Forgery via ladiflow_save_hook()

The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the ladiflowsavehook function in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to update the 'ladiflowhookconfigs' option via a forged request...