2 matches found
A vulnerability in the wptodo_addcomment function of the To Do plugin for WordPress, a content management system for websites, allows a hacker to perform a CSRF attack.
The vulnerability in the wptodo_addcomment function of the To Do plugin for WordPress, a content management system for websites, is related to cross-site request forgery due to incorrect validation of the value of the nonce cookie. Exploiting this vulnerability could allow an attacker to execute a CSR...
WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_addcomment
Description: The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_addcomment function. This makes it possible for unauthenticated attackers to add comments to to ...