CVE-2024-13905

The OneStore Sites plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.1.1 via the class-export.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and...

CVE-2024-13905 OneStore Sites <= 0.1.1 - Unauthenticated Blind Server-Side Request Forgery

The OneStore Sites plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.1.1 via the class-export.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and...

CVE-2024-13905 OneStore Sites <= 0.1.1 - Unauthenticated Blind Server-Side Request Forgery

The OneStore Sites plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.1.1 via the class-export.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and...

CVE-2024-13905

The CVE CVE-2024-13905 affects the WordPress OneStore Sites plugin up to version 0.1.1, with the vulnerability exploiting class-export.php to trigger unauthenticated Server-Side Request Forgery (SSRF). This enables an attacker from the web app to issue requests to arbitrary destinations and can b...

WordPress plugin OneStore Sites 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

WordPress OneStore Sites plugin <= 0.1.1 - Unauthenticated Blind Server-Side Request Forgery vulnerability

Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by Francesco Carlucci in WordPress Plugin OneStore Sites versions = 0.1.1...

CVE-2025-25107

Cross-Site Request Forgery CSRF vulnerability in sainwp OneStore Sites onestore-sites allows Cross Site Request Forgery.This issue affects OneStore Sites: from n/a through = 0.1.1...

CVE-2025-25107

Cross-Site Request Forgery CSRF vulnerability in sainwp OneStore Sites onestore-sites allows Cross Site Request Forgery.This issue affects OneStore Sites: from n/a through = 0.1.1...

CVE-2025-25107

CVE-2025-25107 corresponds to a CSRF to Arbitrary Plugin Installation vulnerability in the WordPress OneStore Sites plugin (sainwp), affecting versions

WordPress plugin OneStore Sites 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forge...

PT-2025-5936 · Unknown · Sainwp Onestore Sites

Name of the Vulnerable Software and Affected Versions: sainwp OneStore Sites versions 0.1.1 and earlier Description: A Cross-Site Request Forgery CSRF issue affects sainwp OneStore Sites, allowing unauthorized actions to be performed on behalf of a user. Recommendations: For sainwp OneStore Sites...