2 matches found
WordPress Xhanch - My Advanced Settings plugin <= 1.1.2 - Cross-Site Request Forgery to Settings Update vulnerability
WordPress Xhanch - My Advanced Settings plugin = 1.1.2 - Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Xhanch – My Advanced Settings versions = 1.1.2...
CVE-2026-3332 Xhanch - My Advanced Settings <= 1.1.2 - Cross-Site Request Forgery to Settings Update
The Xhanch - My Advanced Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing nonce validation in the xmssetting function on the settings update handler. This makes it possible for unauthenticated attackers t...