CVE-2021-4397
CVE-2021-4397 affects the WordPress Staff Directory Plugin up to version 3.6, where CSRF is possible due to missing/incorrect nonce validation in saveCustomFields(). Unauthenticated attackers could trigger saving custom fields by tricking an admin. Mitigation per connected data: update to a versi...