4 matches found
CVE-2025-1320
The teachPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.0.9. This is due to missing or incorrect nonce validation on the import.php page. This makes it possible for unauthenticated attackers to delete imports via a forged request...
CVE-2025-1320
creationtimestamp| type| source ---|---|--- 2025-03-25 07:23:55+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/8619 2025-03-25 09:27:26+00:00| seen| https://t.me/cvedetector/21052...
CVE-2025-1320
The teachPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.0.9. This is due to missing or incorrect nonce validation on the import.php page. This makes it possible for unauthenticated attackers to delete imports via a forged request...
CVE-2025-1320
CVE-2025-1320: teachPress WordPress plugin vulnerable to Cross-Site Forgery on Import Delete (import.php) due to missing nonce validation. Affected versions up to 9.0.9; unpatched as per sources. Attack requires user interaction via a forged request, enabling unauthenticated actors to delete impo...