2 matches found
CVE-2024-35684
Technical details about CVE-2024-35684 (ElasticPress CSRF) are not publicly provided in the supplied documents. No affected versions, exploit info, or fixes are specified here; monitor for official advisories.
CVE-2021-4405
The ElasticPress plugin for WordPress is vulnerable to CSRF in versions up to and including 3.5.3 due to missing or incorrect nonce validation in the epio_send_autosuggest_allowed() function. This allows unauthenticated attackers to submit autosuggest parameters to elasticpress.io via forged requ...