Forum
Forum-Breadcrumbs - Du bist hier:ForumOffenes Forum: Security AdvisoriesCVE-2022-0363 - myCred WordPress
CVE-2022-0363 - myCred WordPress
Stefan Windus@stefan
91 Beiträge
Zitat von Stefan Windus am 25. April 2022, 0:00 UhrThe myCred WordPress plugin before 2.4.4 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating arbitrary posts.
The myCred WordPress plugin before 2.4.4 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating arbitrary posts.
Anklicken für Daumen nach unten.0Anklicken für Daumen nach oben.0