3 matches found
CVE-2025-9891
creationtimestamp| type| source ---|---|--- 2025-09-17 03:17:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lyyur4jjjl2g...
CVE-2025-9891 User Sync – Remote User Sync <= 1.0.2 - Cross-Site Request Forgery to Plugin Deactivation
The User Sync – Remote User Sync plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the mousersyncformhandler function. This makes it possible for unauthenticated attackers to...
WordPress User Sync – Remote User Sync plugin <= 1.0.2 - Cross-Site Request Forgery to Plugin Deactivation vulnerability
Cross-Site Request Forgery to Plugin Deactivation vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin User Sync versions = 1.0.2...