Colibri Page Builder < 1.0.260 - Import Images, Delete Post, Save Theme Data via CSRF

Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the apiCall function, allowing unauthenticated attackers to call a limited set of functions that can be used to import images, delete posts, or save theme data via a forged request...

PT-2024-17973 · WordPress · Colibri Page Builder

Name of the Vulnerable Software and Affected Versions: Colibri Page Builder plugin for WordPress versions up to, and including, 1.0.253 Description: The issue is due to missing or incorrect nonce validation on the apiCall function, making it possible for unauthenticated attackers to call a limite...