4 matches found
CVE-2025-14999
The Latest Tabs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the settings update handler in admin-page.php. This makes it possible for unauthenticated attackers to modify plugin...
CVE-2025-14999 Latest Tabs <= 1.5 - Cross-Site Request Forgery to Plugin's Settings Update
The Latest Tabs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the settings update handler in admin-page.php. This makes it possible for unauthenticated attackers to modify plugin...
PT-2026-1597
Name of the Vulnerable Software and Affected Versions The Latest Tabs plugin for WordPress versions up to and including 1.5 Description The Latest Tabs plugin for WordPress is susceptible to Cross-Site Request Forgery CSRF. This is a result of inadequate or absent nonce validation within the...
WordPress Latest Tabs plugin <= 1.5 - Cross-Site Request Forgery to Plugin's Settings Update vulnerability
Cross-Site Request Forgery to Plugin's Settings Update vulnerability discovered by omer yeshayahu in WordPress Plugin Latest Tabs versions = 1.5...