
CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

The ContentLock WordPress plugin through 1.0.3 does not have a CSRF check in place when deleting groups or emails, which could allow attackers to make a logged-in admin remove them via a CSRF attack.

The ContentLock plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to delete groups and emails via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.

• https://wpscan.com/vulnerability/3d2cdb4f-b7e1-4691-90d1-cddde7f5858e
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

The ContentLock WordPress plugin through 1.0.3 does not have a CSRF check in place when adding emails, which could allow attackers to make a logged-in admin perform such an action via a CSRF attack.

The ContentLock plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to add an email via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.

• https://wpscan.com/vulnerability/6e812189-2980-453d-931d-1f785e8dbcc0
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

The ContentLock WordPress plugin through 1.0.3 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

The ContentLock plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.

• https://wpscan.com/vulnerability/871a93b5-ec67-4fe0-bc39-e5485477fbeb
• CWE-352: Cross-Site Request Forgery (CSRF)