2 matches found
CVE-2024-2968
CVE-2024-2968 affects the WP-Eggdrop WordPress plugin. The vulnerability is a Stored Cross-Site Scripting flaw in admin settings across all versions up to 0.1, due to insufficient input sanitization and output escaping. It requires authenticated access (administrator-level) and affects multisite ...
CVE-2024-2969
CVE-2024-2969 affects the WP-Eggdrop WordPress plugin (all versions up to 0.1). It is a CSRF flaw caused by missing/incorrect nonce validation in wpegg_updateOptions(), allowing unauthenticated attackers to trigger plugin setting updates via forged requests if a site admin is induced to perform a...