20 matches found
CVE-2025-12827
The Top Friends plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3. This is due to missing nonce validation on the topfriendsoptionssubpanel function. This makes it possible for unauthenticated attackers to modify plugin settings via a forge...
EUVD-2025-197943
The Top Friends plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3. This is due to missing nonce validation on the topfriendsoptionssubpanel function. This makes it possible for unauthenticated attackers to modify plugin settings via a forge...
CVE-2025-12827
CVE-2025-12827 (Top Friends): The WordPress Top Friends plugin is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to 0.3 due to missing nonce validation in the top_friends_options_subpanel() function. This allows unauthenticated attackers to modify plugin settings by tricking an admin...
PT-2025-47262
Name of the Vulnerable Software and Affected Versions: Top Friends plugin for WordPress versions prior to 0.4 Description: The Top Friends plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF). This is caused by a lack of nonce validation within the top friends options subpanel...
WordPress Friends plugin code issue vulnerability
WordPress Friends plugin is a plugin for social interaction. WordPress Friends plugin has a code issue vulnerability that stems from improper deserialization of the queryvars parameter, which can be exploited by an attacker to cause code execution...
PT-2025-29313 · WordPress · Friends Plugin For Wordpress
Name of the Vulnerable Software and Affected Versions: Friends plugin for WordPress version 3.5.1 Description: The Friends plugin for WordPress is vulnerable to PHP Object Injection via deserialization of untrusted input of the query vars parameter. This allows authenticated attackers with...
WordPress plugin Friends code issue vulnerability
WordPress Friends plugin is a plugin for social interaction. WordPress Friends plugin has a code issue vulnerability that stems from improper deserialization of the queryvars parameter, which can be exploited by an attacker to cause code execution...
CVE-2024-1978
The Friends plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.5 via the discoveravailablefeeds function. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary...
BIT-WORDPRESS-MULTISITE-2024-12028
The Friends plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to send arbitrary friend requests on behalf of another website,...
CVE-2024-12028 Friends <= 3.2.1 - Missing Authorization
The Friends plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to send arbitrary friend requests on behalf of another website,...
CVE-2024-12028
The CVE-2024-12028 entry covers the WordPress Friends plugin (up to v3.2.1) with a missing capability check on multiple REST API endpoints. This vulnerability allows unauthenticated attackers to perform actions on behalf of another website, including sending arbitrary friend requests, accepting t...
PT-2024-17409 · WordPress · Friends
Name of the Vulnerable Software and Affected Versions: The Friends plugin for WordPress versions up to, and including, 3.2.1 Description: The issue is related to unauthorized access due to a missing capability check on several REST API endpoints. This allows unauthenticated attackers to send...
WordPress plugin Friends security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Friends plugin <= 3.2.1 - Missing Authorization vulnerability
Missing Authorization vulnerability discovered by Colin Xu in WordPress Plugin Friends versions <= 3.2.1...
CVE-2024-1978
The Friends plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.5 via the discoveravailablefeeds function. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary...
Server side request forgery (ssrf)
The Friends plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.5 via the discoveravailablefeeds function. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary...
CVE-2024-1978
CVE-2024-1978 concerns the WordPress Friends plugin (versions
PT-2024-18466 · WordPress · Friends
Name of the Vulnerable Software and Affected Versions: The Friends plugin for WordPress versions up to, and including, 2.8.5 Description: The issue allows authenticated attackers with administrator-level access and above to make web requests to arbitrary locations originating from the web...
WordPress plugin Friends security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress Friends Plugin <= 2.8.5 is vulnerable to Server Side Request Forgery (SSRF)
Software: Friends; Type: Plugin; Vulnerable versions: <= 2.8.5; Fixed in: 2.8.6; OWASP Top 10: A1: Injection; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2024-1978; Patch priority: Low; CVSS severity: Low (5.5); PSID: c75d983a4b44; Credits: Francisco Gutierrez; Required privilege...