CVE-2024-37198 – WordPress Digital Newspaper theme <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability

https://notcve.org/view.php?id=CVE-2024-37198

20 Jun 2024 — Cross-Site Request Forgery (CSRF) vulnerability in blazethemes Digital Newspaper.This issue affects Digital Newspaper: from n/a through 1.1.5. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en blazethemes Digital Newspaper. Este problema afecta a Digital Newspaper: desde n/a hasta 1.1.5. The Digital Newspaper theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.5. This is due to missing or incorrect nonce validation on a function. • https://patchstack.com/database/vulnerability/digital-newspaper/wordpress-digital-newspaper-theme-1-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •