3 matches found
CVE-2021-4386
The WP Security Question plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a...
Cross site request forgery (csrf)
The WP Security Question plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a...
CVE-2021-4386
The CVE refers to the WP Security Question WordPress plugin, with CSRF in versions up to and including 1.0.5 caused by missing or incorrect nonce validation in the save() function. This allows unauthenticated attackers to modify plugin settings through forged requests if a site administrator is t...