2 matches found
CVE-2024-1755
CVE-2024-1755 affects the WordPress plugin “NPS computy” up to version 2.7.5, where missing CSRF checks in certain code paths could allow an attacker to cause logged-in users to perform unintended actions. The issue is documented as CSRF across multiple sources, with a remediation stating that ve...
CVE-2024-1754
The CVE-2024-1754 entry concerns the NPS computy WordPress plugin (versions up to 2.7.5) where some settings are not sanitised/escaped, enabling Stored XSS by high-privilege users (e.g., Administrators) even if unfiltered_html is disallowed (e.g., multisite). Red Hat and Patchstack corroborate th...