CVE-2024-13852
CVE-2024-13852 affects the WordPress plugin Option Editor (version 1.0). The root cause is missing nonce validation in the plugin_page() function, enabling CSRF. This allows unauthenticated attackers to forge requests to update arbitrary site options, potentially setting the default registration ...