CVE-2023-4276
CVE-2023-4276 affects the Absolute Privacy WordPress plugin (versions ≤ 2.1). Root cause: missing nonce validation in abpr_profileShortcode enabling Cross-Site Request Forgery. This allows unauthenticated attackers to change a site user’s email and password if a site admin clicks a crafted link. ...