CVE-2025-14616
The CVE-2025-14616 entry describes a Cross-Site Request Forgery in the WordPress plugin Recooty (Old Dashboard) up to version 1.0.6, caused by missing nonce validation in recooty_save_maybe(). This allows unauthenticated attackers to update the recooty_key option and inject malicious content into...