Comment Reply Notification <= 1.4 - Cross-Site Request Forgery

2023-04-0400:00:00

wpscan.com

cross-site request forgery

software

nonce validation

EPSS

0.001

Percentile

28.1%

JSON

The plugin does not properly validate requests use nonces, leading to a Cross-Site Request Forgery (CSRF) vulnerability.

References

patchstack.com/database/vulnerability/comment-reply-notification/wordpress-comment-reply-notification-plugin-1-4-cross-site-request-forgery-csrf-vulnerability

EPSS

0.001

Percentile

28.1%

JSON

Related for WPVDB-ID:95595766-D535-43CC-9655-6B7D3018C5E1