10 matches found
CVE-2025-14616
The Recooty – Job Widget Old Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing nonce validation on the recootysavemaybe function. This makes it possible for unauthenticated attackers to update the...
CVE-2025-14616
The Recooty – Job Widget Old Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing nonce validation on the recootysavemaybe function. This makes it possible for unauthenticated attackers to update the...
CVE-2025-14616
The Recooty – Job Widget Old Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing nonce validation on the recootysavemaybe function. This makes it possible for unauthenticated attackers to update the...
CVE-2025-14616 Recooty <= 1.0.6 - Cross-Site Request Forgery to Settings Update
The Recooty – Job Widget Old Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing nonce validation on the recootysavemaybe function. This makes it possible for unauthenticated attackers to update the...
EUVD-2025-206487
The Recooty – Job Widget Old Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing nonce validation on the recootysavemaybe function. This makes it possible for unauthenticated attackers to update the...
CVE-2025-14616
The CVE-2025-14616 entry describes a Cross-Site Request Forgery in the WordPress plugin Recooty (Old Dashboard) up to version 1.0.6, caused by missing nonce validation in recooty_save_maybe(). This allows unauthenticated attackers to update the recooty_key option and inject malicious content into...
CVE-2025-14616 Recooty <= 1.0.6 - Cross-Site Request Forgery to Settings Update
The Recooty – Job Widget Old Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing nonce validation on the recootysavemaybe function. This makes it possible for unauthenticated attackers to update the...
WordPress Recooty plugin <= 1.0.6 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by omer yeshayahu in WordPress Plugin Recooty versions 1.0.1-1.0.6...
WordPress plugin Recooty – Job Widget (Old Dashboard) Cross-site Request Forgery Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-5089
The Recooty – Job Widget Old Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing nonce validation on the recooty save maybe function. This makes it possible for unauthenticated attackers to update the recoo...