The Plugin “DX Delete Attached Media” has a security vulnerability.

  • Resolved joyryde

    (@joyryde)


    1 year, 1 month ago

    The DX Delete Attached Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5.1. This is due to missing or incorrect nonce validation on the add_to_base function. This makes it possible for unauthenticated attackers to modify the plugin’s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.References

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘The Plugin “DX Delete Attached Media” has a security vulnerability.’ is closed to new replies.