Filtered by vendor Wpexpertdeveloper
Subscriptions
Filtered by product Wp Private Content Plus
Subscriptions
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-4385 | 1 Wpexpertdeveloper | 1 Wp Private Content Plus | 2024-11-25 | 8.8 High |
The WP Private Content Plus plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on the save_groups() function. This makes it possible for unauthenticated attackers to add new group members via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
CVE-2019-15816 | 1 Wpexpertdeveloper | 1 Wp Private Content Plus | 2024-11-21 | N/A |
The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions. |
Page 1 of 1.