CVE-2024-5028 CM WordPress Search And Replace Plugin < 1.3.9 - Plugin Reset via CSRF

The CM WordPress Search And Replace Plugin WordPress plugin before 1.3.9 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

Similarity <= 3.0 - Plugin Reset via CSRF

Description The plugin does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack Make a logged in admin open an HTML file containing:...