8 matches found
CVE-2025-9885
The MPWizard – Create Mercado Pago Payment Links plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation in the '/includes/admin/class-mpwizard-table.php' file. This makes it possible for...
EUVD-2025-32282
The MPWizard – Create Mercado Pago Payment Links plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation in the '/includes/admin/class-mpwizard-table.php' file. This makes it possible for...
CVE-2025-9885 MPWizard – Create Mercado Pago Payment Links <= 1.2.1 - Cross-Site Request Forgery to Arbitrary Post Deletion
The MPWizard – Create Mercado Pago Payment Links plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation in the '/includes/admin/class-mpwizard-table.php' file. This makes it possible for...
CVE-2025-9885
The CVE-2025-9885 entry concerns the MPWizard – Create Mercado Pago Payment Links plugin for WordPress. Wordfence notes a CSRF vulnerability in all versions up to and including 1.2.1 due to missing/incorrect nonce validation in includes/admin/class-mpwizard-table.php, enabling unauthenticated att...
CVE-2025-9885 MPWizard – Create Mercado Pago Payment Links <= 1.2.1 - Cross-Site Request Forgery to Arbitrary Post Deletion
The MPWizard – Create Mercado Pago Payment Links plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation in the '/includes/admin/class-mpwizard-table.php' file. This makes it possible for...
WordPress MPWizard plugin <= 1.2.1 - Cross-Site Request Forgery to Arbitrary Post Deletion vulnerability
Cross-Site Request Forgery to Arbitrary Post Deletion vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin MPWizard versions = 1.2.1...
WordPress plugin MPWizard 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...
PT-2025-40505
Name of the Vulnerable Software and Affected Versions MPWizard – Create Mercado Pago Payment Links plugin for WordPress versions prior to 1.2.2 Description The software is susceptible to Cross-Site Request Forgery, allowing unauthenticated attackers to delete arbitrary posts. This is possible due...