6 matches found
CVE-2022-3336
The Event Monster WordPress plugin before 1.2.0 does not have CSRF check when deleting visitors, which could allow attackers to make logged in admin delete arbitrary visitors via a CSRF attack...
Cross site request forgery (csrf)
The Event Monster WordPress plugin before 1.2.0 does not have CSRF check when deleting visitors, which could allow attackers to make logged in admin delete arbitrary visitors via a CSRF attack...
PT-2022-21775 · WordPress · Event Monster
Name of the Vulnerable Software and Affected Versions: Event Monster WordPress plugin versions prior to 1.2.0
Description: The issue concerns a lack of CSRF check when deleting visitors, which could allow attackers to make logged-in admins delete arbitrary visitors via a CSRF attack...
WordPress plugin Event Monster cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
Event Monster < 1.2.0 - Visitors Deletion via CSRF
The plugin does not have CSRF check when deleting visitors, which could allow attackers to make logged in admin delete arbitrary visitors via a CSRF attack. To delete the attendee/visitor with ID 1, make a logged in admin open a page with the HTML code below. The statement deleting attendee is also...
Event Monster < 1.2.0 - Visitors Deletion via CSRF
The plugin does not have CSRF check when deleting visitors, which could allow attackers to make logged in admin delete arbitrary visitors via a CSRF attack. PoC: To delete the attendee/visitor with ID 1, make a logged in admin open a page with the HTML code below. The statement deleting attendee is...