6 matches found
CVE-2025-9633
The LH Signing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.83. This is due to missing or incorrect nonce validation on the pluginoptions function. This makes it possible for unauthenticated attackers to modify plugin settings via a forg...
CVE-2025-9633
The LH Signing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.83. This is due to missing or incorrect nonce validation on the pluginoptions function. This makes it possible for unauthenticated attackers to modify plugin settings via a forg...
CVE-2025-9633 LH Signing <= 2.83 - Cross-Site Request Forgery
The LH Signing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.83. This is due to missing or incorrect nonce validation on the pluginoptions function. This makes it possible for unauthenticated attackers to modify plugin settings via a forg...
CVE-2025-9633
CVE-2025-9633: LH Signing WordPress plugin vulnerabilities exist in all versions up to 2.83 due to missing or incorrect nonce validation in the plugin_options function, enabling CSRF. This allows unauthenticated attackers to modify plugin settings by inducing an admin action (e.g., clicking a for...
WordPress plugin LH Signing 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
PT-2025-37151
The LH Signing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.83. This is due to missing or incorrect nonce validation on the plugin options function. This makes it possible for unauthenticated attackers to modify plugin settings via a...