WordPress Quantic Social Image Hover plugin <= 1.0.8 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Quantic Social Image Hover versions = 1.0.8...

CVE-2025-13360

CVE-2025-13360 relates to the WordPress plugin Quantic Social Image Hover (versions up to and including 1.0.8). The vulnerability is a Cross-Site Request Forgery (CSRF) due to missing nonce validation on the plugin’s settings update function. Exploitation requires tricking a site administrator in...

CVE-2025-13360 Quantic Social Image Hover <= 1.0.8 - Cross-Site Request Forgery to Settings Update

The Quantic Social Image Hover plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin's...

PT-2025-49213

The Quantic Social Image Hover plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin's...