WordPress plugin JaviBola Custom Theme Test 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2025-7835 iThoughts Advanced Code Editor <= 1.2.10 - Cross-Site Request Forgery to Settings Update

The iThoughts Advanced Code Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.10. This is due to missing or incorrect nonce validation on the 'ithoughtsaceupdateoptions' AJAX action. This makes it possible for unauthenticated attacke...

CVE-2025-1320

CVE-2025-1320: teachPress WordPress plugin vulnerable to Cross-Site Forgery on Import Delete (import.php) due to missing nonce validation. Affected versions up to 9.0.9; unpatched as per sources. Attack requires user interaction via a forged request, enabling unauthenticated actors to delete impo...

CVE-2024-12219 Stop Registration Spam <= 1.23 - Cross-Site Request Forgery to Cross-Site Scripting

The Stop Registration Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request...