The plugin does not protect the ajax actions azh_add_post, azh_duplicate_post, azh_update_post and azh_remove_post against CSRF attacks, allowing an unauthenticated attacker to add, modify and delete posts by tricking a logged in user to submit a crafted request.
CPE | Name | Operator | Version |
---|---|---|---|
page-builder-by-azexo | eq | * |