2 matches found
CVE-2025-12827
The Top Friends plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3. This is due to missing nonce validation on the top_friends_options_subpanel function. This makes it possible for unauthenticated attackers to modify plugin settings via a forge...
CVE-2025-12827
CVE-2025-12827 (Top Friends): The WordPress Top Friends plugin is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to 0.3 due to missing nonce validation in the top_friends_options_subpanel() function. This allows unauthenticated attackers to modify plugin settings by tricking an admin...