The Button Widget Smartsoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation on the smartsoftbutton_settings page. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Wordfence
Published: 2022-07-18T16:16:27
Updated: 2023-10-20T15:06:11.174Z
Reserved: 2022-05-27T00:00:00
Link: CVE-2022-1912
JSON object: View
NVD Information
Status : Modified
Published: 2022-07-18T17:15:08.603
Modified: 2023-11-07T03:42:17.977
Link: CVE-2022-1912
JSON object: View
Redhat Information
No data.
CWE