https://secupress.me/blog/wps-bidouille-v1-12-2-multiples-vulnerabilities/
WPS Limit Login is edited by WP Serveur, WordPress french host. Criticity level for this update is medium. CSRF #1 File : /classes/plugin.php Line 355-358 Function count_notif() Issue : Lack of nonce token, we can here give this link to a logged-in administrator or include it in a hidden page with POST method: https://example.com/wp-admin/admin-ajax.php?action=count_notif with […]
The post WPS Bidouille v1.12.2 Multiples Vulnerabilities appeared first on SecuPress.
Source: Security Feed