One Click Plugin Updater Project: Security Vulnerabilities
The One Click Plugin Updater WordPress plugin through 2.4.14 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable / hide the badge of the available updates and the related check.
CVSS Score
8.1
EPSS Score
0.001
Published
2022-06-13