WordPress WP Hallo Welt plugin <= 1.4. - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin WP Hallo Welt versions = 1.4...

CVE-2025-13365

The WP Hallo Welt plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'halloweltseite' function. This makes it possible for unauthenticated attackers to update plugin settings and...

CVE-2025-13365

CVE-2025-13365 affects the WP Hallo Welt WordPress plugin (versions up to and including 1.4). The issue stems from missing/incorrect nonce validation in the hallo_welt_seite function, enabling unauthenticated CSRF that lets an attacker manipulate plugin settings. The lack of input sanitization/ou...

WordPress plugin WP Hallo Welt 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin ... A cross-site reques...