VYPR

Wp Eggdrop

by Backie

CVEs (2)

  • CVE-2024-2969MedMar 29, 2024
    risk 0.35cvss 5.4epss 0.00

    The WP-Eggdrop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on the wpegg_updateOptions() function. This makes it possible for unauthenticated attackers to update…

  • CVE-2024-2968MedMar 29, 2024
    risk 0.29cvss 4.4epss 0.00

    The WP-Eggdrop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level…