2 matches found
Cross site request forgery (csrf)
The Custom Field Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on the editmetavalue function. This makes it possible for unauthenticated attackers to edit meta field values vi...
CVE-2020-36742 Custom Field Template <= 2.5.1 - Cross-Site Request Forgery Bypass
The Custom Field Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on the editmetavalue function. This makes it possible for unauthenticated attackers to edit meta field values vi...