Vulnerability Details: Cross-Site Request Forgery (CSRF)/Settings Change in MailOptin – Lite
One of the changelog entries for the latest version of MailOptin – Lite is “Added nonce check when saving oauth credentials.” Looking at changes made in that version we found that accurately described the change and that previously there had been a cross-site request forgery (CSRF)/settings change vulnerability in the plugin.
…