The plugin was vulnerable to Cross-Site Request Forgery via the npBulkActions and npBulkEdit admin_post actions, which allowed attackers to trash or permanently purge arbitrary posts as well as changing their status, reassigning their ownership, and editing other metadata.
CPE | Name | Operator | Version |
---|---|---|---|
wp-nested-pages | lt | 3.1.16 |