ThreatPress

WordPress Vulnerability Database

WordPress Redux Framework <= 4.1.23 - Cross-Site Request Forgery (CSRF) Nonce Validation Bypass vulnerability

Product
Redux
Description
A Cross-Site Request Forgery (CSRF) nonce validation bypass vulnerability was found by ErwanLR in the WordPress Redux Framework (versions 4.1.22 - 4.1.23).
Solution
Update the WordPress Redux Framework to the latest available version (at least 4.1.24).
Classification
Type: Cross Site Request Forgery (CSRF)
OWASP Top 10: A8: Cross Site Request Forgery (CSRF)
References
Vulnerability details
Plugin changelog
CVE
Name: CVE-N/A
Versions
Affected In: <= 4.1.23, 4.1.23, 4.1.22
Fixed In: 4.1.24
Disclosure date
2020-12-15
Credits
ErwanLR