VYPR

WPMK Ajax Finder

by WordPress

CVEs (1)

  • CVE-2022-1749HigJun 13, 2022
    risk 0.57cvss 8.8epss 0.01

    The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createplugin_atf_admin_setting_page() function found in the ~/inc/config/create-plugin-config.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts,…