2 matches found
WordPress WP To Do plugin <= 1.3.0 - Cross-Site Request Forgery via wptodo_manage() vulnerability
Cross-Site Request Forgery via wptodomanage vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin WP To Do versions = 1.3.0...
CVE-2024-3945
The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodomanage function. This makes it possible for unauthenticated attackers to add new todo items via a forged...