None of the functions in this plugin use nonce checks, so it is possible for an attacker to perform any action that the plugin is capable of by tricking an administrator into clicking a specially crafted link designed to perform that action. This includes capabilities such as adding new pages, replacing existing pages, and inserting malicious JavaScript.
CPE | Name | Operator | Version |
---|---|---|---|
free-sales-funnel-squeeze-pages-landing-page-builder-templates-make | eq | * |