Cross-Site Request Forgery Vulnerability in Absolute Reviews Plugin for WordPress
CVE-2021-4426
4.3MEDIUM
What is CVE-2021-4426?
The Absolute Reviews plugin for WordPress is susceptible to a Cross-Site Request Forgery (CSRF) attack, affecting versions up to and including 1.0.8. This vulnerability arises from the absence of proper nonce validation within the metabox_review_save() function. As a result, unauthorized individuals could potentially exploit this flaw by deceiving an administrator into executing a crafted request, allowing them to save harmful meta tags without adequate permissions.
Affected Version(s)
Absolute Reviews * <= 1.0.8