CVE-2025-9887 Custom Login And Signup Widget <= 1.0 - Cross-Site Request Forgery

The Custom Login And Signup Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation in the /frndzkadminclsw.php file. This makes it possible for unauthenticated attackers to change the...

CVE-2025-9887

CVE-2025-9887 concerns the WordPress plugin Custom Login And Signup Widget . The vulnerability is a Cross-Site Request Forgery in all versions up to 1.0 caused by missing or incorrect nonce validation in the file /frndzk_adminclsw.php. This allows unauthenticated attackers to change email and use...

WordPress Custom Login And Signup Widget plugin <= 1.0 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by sk4r1 in WordPress Plugin Custom Login And Signup Widget versions = 1.0...

WordPress plugin Custom Login And Signup Widget 跨站请求伪造漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress is a blogging platform developed using the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an...

CVE-2025-49029

Improper Control of Generation of Code 'Code Injection' vulnerability in bitto.kazi Custom Login And Signup Widget custom-login-and-signup-widget allows Code Injection.This issue affects Custom Login And Signup Widget: from n/a through = 1.0...

CVE-2025-49029 WordPress Custom Login And Signup Widget plugin <= 1.0 - Arbitrary Code Execution vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in bitto.kazi Custom Login And Signup Widget custom-login-and-signup-widget allows Code Injection.This issue affects Custom Login And Signup Widget: from n/a through = 1.0...

WordPress plugin bitto.Kazi Custom Login And Signup Widget 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code injection vulnerability exists in...

WordPress Custom Login and Signup Widget 1.0 Remote Code Execution

WordPress Custom Login and Signup Widget plugin versions 1.0 and below suffer from a remote code execution vulnerability...