EPSS
Percentile
27.7%
The plugin does not protect its handle_actions function against CSRF attacks, allowing an unauthenticated attacker to enable or disable notifications by tricking a logged in administrator to submit a crafted request.
patchstack.com/database/vulnerability/bnfw/wordpress-better-notifications-for-wp-plugin-1-9-2-cross-site-request-forgery-csrf-vulnerability