Anti Hacker < 4.35 – Cross-Site Request Forgery via antihacker_ajax_scan
Description
The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 4.35 (exclusive). This is due to missing or incorrect nonce validation on the 'antihacker_ajax_scan' function. This makes it possible for unauthenticated attackers to start the plugin's scanning functionality via a forged request granted they can trick a site administrator into performing an action such as clicking on a…
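For reference, the general shape of a WordPress AJAX handler that validates a nonce and the caller's capability before doing any work. This is an added example, not the plugin's code or its actual patch; every name prefixed with `example_` and the script path are assumptions made for illustration.

```php
<?php
// Added illustration: hypothetical plugin code, not taken from Anti Hacker.
// All "example_" identifiers and the js/scan.js path are assumptions.

// Register for logged-in users only; no wp_ajax_nopriv_ hook is added.
add_action( 'wp_ajax_example_scan', 'example_ajax_scan' );

function example_ajax_scan() {
    // 1. CSRF check: the request must carry a nonce that was minted for this
    //    action and this user. Passing false as the third argument lets us
    //    return a JSON error instead of the default die( '-1' ).
    if ( ! check_ajax_referer( 'example_scan_nonce', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or missing nonce.' ), 403 );
    }

    // 2. Authorization check: a nonce proves intent, not privilege.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Only now perform the state-changing work.
    wp_send_json_success( example_run_scan() );
}

// Placeholder for the real scan routine (hypothetical).
function example_run_scan() {
    return array( 'started_at' => time() );
}

// Hand the nonce to the admin-side script that issues the request.
add_action( 'admin_enqueue_scripts', 'example_enqueue_scan_script' );

function example_enqueue_scan_script() {
    wp_enqueue_script(
        'example-scan',
        plugins_url( 'js/scan.js', __FILE__ ),
        array( 'jquery' ),
        '1.0',
        true
    );
    wp_localize_script( 'example-scan', 'exampleScan', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_scan_nonce' ),
    ) );
}
```

Both `wp_send_json_error()` and `wp_send_json_success()` end the request, so a failed check never falls through to the scan.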