6 matches found
WordPress FunKItools plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress FunKItools plugin has a cross-site request forgery vulnerability that stems from a missing or incorrect random number validation of the saveFields function, which can ...
CVE-2025-10301
The FunKItools plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the saveFields function. This makes it possible for unauthenticated attackers to update plugin settings via a forged...
EUVD-2025-34564
The FunKItools plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the saveFields function. This makes it possible for unauthenticated attackers to update plugin settings via a forged...
CVE-2025-10301
The CVE-2025-10301 entry concerns the WordPress FunKItools plugin. Wordfence and CNVD records describe a Cross-Site Request Forgery (CSRF) vulnerability in saveFields(), caused by missing/incorrect nonce/random validation, allowing unauthenticated attackers to forge a request to update plugin set...
WordPress FunKItools plugin <= 1.0.2 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Nabil Irawan in WordPress Plugin FunKItools versions = 1.0.2...
WordPress plugin FunKItools 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress FunKItools plugin has a cross-site request forgery vulnerability that stems from a missing or incorrect random number validation of the saveFields function, which can ...