The Shantz WordPress QOTD WordPress plugin, up to and including version 1.2.2, performs no CSRF check when its settings are updated, allowing malicious users to make logged-in administrators change them to arbitrary values.
Vulnerable Product |
---|
shantz wordpress qotd project shantz wordpress qotd |
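
The missing check described above is the one WordPress nonces provide. The following is an added example, not the plugin's code or its actual fix, of a settings handler that verifies a nonce before writing options; the `qotd_demo_*` function names, option key and form fields are hypothetical.

```php
<?php
// Hypothetical settings page for a quote-of-the-day plugin. The qotd_demo_*
// names are illustrative and are not taken from the affected plugin.

add_action('admin_menu', function () {
    add_options_page('QOTD Demo', 'QOTD Demo', 'manage_options',
        'qotd-demo', 'qotd_demo_render_settings');
});

function qotd_demo_render_settings() {
    // Authorization: only users who may manage options reach this page.
    if (!current_user_can('manage_options')) {
        wp_die('Insufficient permissions.');
    }

    if (isset($_POST['qotd_demo_submit'])) {
        // CSRF check: the nonce in the POST body must match this action for
        // the current user and session. On a missing or invalid nonce
        // check_admin_referer() stops the request before any option is
        // written. A handler without this call accepts forged cross-site
        // submissions sent with the administrator's cookies.
        check_admin_referer('qotd_demo_save_settings', 'qotd_demo_nonce');

        $quote = isset($_POST['qotd_demo_quote'])
            ? sanitize_text_field(wp_unslash($_POST['qotd_demo_quote']))
            : '';
        update_option('qotd_demo_quote', $quote);
        echo '<div class="updated"><p>Settings saved.</p></div>';
    }

    $current = get_option('qotd_demo_quote', '');
    ?>
    <div class="wrap">
      <h1>QOTD Demo</h1>
      <form method="post">
        <?php // Hidden nonce field bound to the same action name as the check.
              wp_nonce_field('qotd_demo_save_settings', 'qotd_demo_nonce'); ?>
        <input type="text" name="qotd_demo_quote"
               value="<?php echo esc_attr($current); ?>" class="regular-text">
        <?php submit_button('Save', 'primary', 'qotd_demo_submit'); ?>
      </form>
    </div>
    <?php
}
```

The capability check and the nonce check cover different failures: the first rejects users who lack permission, the second rejects requests the administrator's browser was induced to send.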