2 matches found
CVE-2022-3336 Event Monster < 1.2.0 - Visitors Deletion via CSRF
The Event Monster WordPress plugin before 1.2.0 does not have CSRF check when deleting visitors, which could allow attackers to make logged in admin delete arbitrary visitors via a CSRF attack...
WordPress Event Monster plugin <= 1.1.20 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability leading to Visitors Deletion discovered by Thura Moe Myint in the WordPress Event Monster plugin versions = 1.1.20. Solution Update the WordPress Event Management Tickets Booking plugin to the latest available version at least 1.2.0...