CVE-2022-47609 – WordPress DNUI Plugin <= 2.8.1 is vulnerable to Cross Site Request Forgery (CSRF)

https://notcve.org/view.php?id=CVE-2022-47609

13 Jan 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Nicearma DNUI plugin <= 2.8.1 versions. The DNUI plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on the dnui.php file. This makes it possible for unauthenticated attackers to access administrative functions of the plugin (such as the deleting of unused images or pulling image data from the database) via a forged request granted they can trick a sit... • https://patchstack.com/database/vulnerability/dnui-delete-not-used-image-wordpress/wordpress-dnui-plugin-2-8-1-multiple-cross-site-request-forgery-csrf?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •