4 matches found
CVE-2021-24380
The Shantz WordPress QOTD WordPress plugin through 1.2.2 is lacking any CSRF check when updating its settings, allowing attackers to make logged in administrators change them to arbitrary values...
Cross-site request forgery (CSRF)
The Shantz WordPress QOTD WordPress plugin through 1.2.2 is lacking any CSRF check when updating its settings, allowing attackers to make logged in administrators change them to arbitrary values...
CVE-2021-24380
CVE-2021-24380 affects the Shantz WordPress QOTD plugin (≤ 1.2.2). The issue is a missing CSRF check when updating settings, which lets an attacker make a logged-in administrator change the settings to arbitrary values. Documents confirm the weakness is in the settings update path, allowing arbitrary value...
CVE-2021-24380 Shantz WordPress QOTD <= 1.2.2 - Arbitrary Setting Update via CSRF
The Shantz WordPress QOTD WordPress plugin through 1.2.2 is lacking any CSRF check when updating its settings, allowing attackers to make logged in administrators change them to arbitrary values...