CVE-2020-36744
The CVE-2020-36744 entry concerns the WordPress NotificationX plugin, affected in versions up to 1.8.2. The root cause is missing or incorrect nonce validation in the generate_conversions() function, enabling CSRF where unauthenticated attackers can induce conversions via forged requests if a sit...