CVE-2021-4386
The CVE refers to the WP Security Question WordPress plugin, with CSRF in versions up to and including 1.0.5 caused by missing or incorrect nonce validation in the save() function. This allows unauthenticated attackers to modify plugin settings through forged requests if a site administrator is t...