CVE-2021-20780 – Currency Switcher <= 1.1.6 - Cross-site request forgery

https://notcve.org/view.php?id=CVE-2021-20780

Cross-site request forgery (CSRF) vulnerability in WPCS - WordPress Currency Switcher 1.1.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Una vulnerabilidad de tipo Cross-site request forgery (CSRF) en WPCS - WordPress Currency Switcher versiones 1.1.6 y anteriores, permite a atacantes remotos secuestrar la autenticación de los administradores por medio de vectores no especificados The Currency Switcher plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.6. This is due to missing or incorrect nonce validation on the print_plugin_options() function. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious web scripts granted they can trick a site administrator into performing an action such as clicking on a link. • https://jvn.jp/en/jp/JVN91372527/index.html https://pluginus.net https://wordpress.org/plugins/currency-switcher • CWE-352: Cross-Site Request Forgery (CSRF) •