Vulnerabilities > Byonepress
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-13 | CVE-2022-1608 | Cross-Site Request Forgery (CSRF) vulnerability in Byonepress Social Locker The OnePress Social Locker WordPress plugin through 5.6.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 4.3 |
| 2019-09-26 | CVE-2015-9425 | Cross-Site Request Forgery (CSRF) vulnerability in Byonepress Social Locker The social-locker plugin before 4.2.5 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?post_type=opanda-item&page=license-manager-sociallocker-next licensekey parameter. | 4.3 |