386 matches found
MGASA-2025-0143 Updated poppler packages fix security vulnerability
NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries. CVE-2025-43903...
CVE-2025-32546
Cross-Site Request Forgery (CSRF) vulnerability in gtlwpdev All push notification for WP all-push-notification allows Reflected XSS. This issue affects All push notification for WP: from n/a through <= 1.5.3...
WordPress WP AVCL Automation Helper (formerly WPFlyLeads) plugin <= 3.4 - Server Side Request Forgery (SSRF) Vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by ch4r0n in WordPress Plugin WP AVCL Automation Helper (formerly WPFlyLeads) versions <= 3.4...
WordPress Advanced lazy load plugin <= 1.6.0 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by johska in WordPress Plugin Advanced lazy load versions <= 1.6.0...
CVE-2025-43903
Summary: CVE-2025-43903 affects Poppler NSSCryptoSignBackend.cc before 25.04.0, which does not verify adbe.pkcs7.sha1 signatures in PDF documents, enabling potential signature forgeries. What is affected: Poppler (NSSCryptoSignBackend.cc) in versions prior to 25.04.0. The vulnerability is describ...
WordPress Easyfonts plugin <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin Easyfonts versions <= 1.1.2...
WordPress AF Tell a Friend plugin <= 1.4 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by johska in WordPress Plugin AF Tell a Friend versions <= 1.4...
WordPress WP-Planification – WP-Planning plugin <= 2.3.1 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by johska in WordPress Plugin WP-Planification versions <= 2.3.1...
CVE-2025-32487 WordPress Waymark plugin <= 1.5.2 - Server Side Request Forgery (SSRF) Vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Joe Waymark waymark allows Server Side Request Forgery. This issue affects Waymark: from n/a through <= 1.5.2...
CVE-2025-32494
CVE-2025-32494 is described as a CSRF flaw in the WordPress reCAPTCHA Jetpack integration (listed as reCAPTCHA Jetpack) affecting versions up to 0.2.2. The connected document notes it can lead to Remote Code Execution via a CSRF path, with CVSS v3.1 base score 4.3 (Medium). The vulnerability appe...
WordPress All push notification for WP Plugin <= 1.5.3 - CSRF to SQL Injection vulnerability
CSRF to SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin All push notification for WP versions <= 1.5.3...
WordPress plugin Multiple Location Google Map Cross-Site Request Forgery Vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
Microsoft Windows Virtualization-Based Security Enclave Data Forgery Vulnerability
Microsoft Windows Virtualization-Based Security Enclave (Microsoft Windows VBS Enclave) is a software-based trusted execution environment in the host application address space from Microsoft Corporation, USA. Microsoft Windows Virtualization-Based Security Enclave (Microsoft Windows VBS Enclave) is...
CVE-2025-32265 WordPress JobWP plugin <= 2.3.9 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak JobWP jobwp allows Cross Site Request Forgery. This issue affects JobWP: from n/a through <= 2.3.9...
WordPress Rollbar plugin <= 2.7.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by SOPROBRO in WordPress Plugin Rollbar versions <= 2.7.1...
WordPress Simple Fixed Notice Plugin <= 1.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Khang Duong in WordPress Plugin Simple Fixed Notice versions <= 1.6...
CVE-2025-31784
Technical details for CVE-2025-31784 are not publicly available in the provided documents. Monitor for updates from the vendor/authorities for affected versions, impact, and remediation.
CVE-2025-31756 WordPress TZ PlusGallery Plugin <= 1.5.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in tuyennv TZ PlusGallery allows Cross Site Request Forgery. This issue affects TZ PlusGallery: from n/a through 1.5.5...
CVE-2025-31680
The CVE-2025-31680 entry pertains to a CSRF vulnerability in the Drupal Matomo Analytics module. Affected product: Matomo Analytics integration for Drupal (Drupal Matomo Analytics). Vulnerable versions: 0.0.0 up to 1.23.0 (per multiple connected records). Root cause: Cross-Site Request Forgery in...
Drupal General Data Protection Regulation Cross-Site Request Forgery Vulnerability
Drupal General Data Protection Regulation is a module of the Drupal community. A cross-site request forgery vulnerability exists in Drupal General Data Protection Regulation versions prior to 3.0.1 and versions prior to 3.1.0 through 3.1.2, which stems from cross-site request forgery...