CVE-2023-45656 – WordPress Lazy Load for Videos Plugin <= 2.18.2 is vulnerable to Cross Site Request Forgery (CSRF)

https://notcve.org/view.php?id=CVE-2023-45656

12 Oct 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Kevin Weber Lazy Load for Videos plugin <= 2.18.2 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Kevin Weber Lazy Load for Videos en versiones <= 2.18.2. The Lazy Load for Videos plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.2. This is due to missing or incorrect nonce validation on one of its function. This makes it possible for unauthenticated attackers to invoke... • https://patchstack.com/database/vulnerability/lazy-load-for-videos/wordpress-lazy-load-for-videos-plugin-2-18-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •