2 matches found
CVE-2024-8085
The PeoplePond WordPress plugin through 1.1.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
PT-2025-21511 · WordPress · Peoplepond
Name of the Vulnerable Software and Affected Versions: PeoplePond WordPress plugin versions 1.1.9 and earlier Description: The issue concerns the lack of CSRF checks in certain areas and missing sanitization as well as escaping in the PeoplePond WordPress plugin. This could allow attackers to mak...