CVE-2025-14392

The Simple Theme Changer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the userthemeadmin, displaymethodadmin, and setchangethemebuttonname actions actions in all versions up to, and including, 1.0. This makes it possible for...

EUVD-2025-202956

The Simple Theme Changer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted...

CVE-2025-14392

The Simple Theme Changer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the userthemeadmin, displaymethodadmin, and setchangethemebuttonname actions actions in all versions up to, and including, 1.0. This makes it possible for...

CVE-2025-14391 Simple Theme Changer <= 1.0 - Cross-Site Request Forgery to Arbitrary Theme Switcher Configuration Update

The Simple Theme Changer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted...

CVE-2025-14391 Simple Theme Changer <= 1.0 - Cross-Site Request Forgery to Arbitrary Theme Switcher Configuration Update

The Simple Theme Changer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted...

CVE-2025-14391

CVE-2025-14391 affects the WordPress plugin Simple Theme Changer . The vulnerability is a Cross-Site Request Forgery (CSRF) in versions up to 1.0 caused by missing or incorrect nonce validation, enabling unauthenticated attackers to update the plugin’s settings by tricking an administrator into p...

CVE-2025-14392 Simple Theme Changer <= 1.0. - Missing Authorization to Plugin Settings Update via AJAX Actions

The Simple Theme Changer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the userthemeadmin, displaymethodadmin, and setchangethemebuttonname actions actions in all versions up to, and including, 1.0. This makes it possible for...

CVE-2025-14392

CVE-2025-14392 concerns the WordPress plugin Simple Theme Changer . The vulnerability arises from missing capability checks on three AJAX-like actions (user_theme_admin, display_method_admin, set_change_theme_button_name) across all versions up to 1.0, allowing authenticated users with subscriber...

PT-2025-50868

The Simple Theme Changer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the user theme admin, display method admin, and set change theme button name actions actions in all versions up to, and including, 1.0. This makes it possible for...

WordPress plugin Simple Theme Changer 安全漏洞

...

WordPress plugin Simple Theme Changer 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

PT-2025-50867

The Simple Theme Changer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted...

WordPress Simple Theme Changer plugin <= 1.0. - Missing Authorization to Plugin Settings Update via AJAX Actions vulnerability

Missing Authorization to Plugin Settings Update via AJAX Actions vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Simple Theme Changer versions = 1.0...

WordPress Simple Theme Changer plugin <= 1.0 - Cross-Site Request Forgery to Arbitrary Theme Switcher Configuration Update vulnerability

Cross-Site Request Forgery to Arbitrary Theme Switcher Configuration Update vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Simple Theme Changer versions = 1.0...

EUVD-2025-11579

Malicious code in bioql PyPI...

CVE-2025-39438

Cross-Site Request Forgery CSRF vulnerability in momen2009 Theme Changer theme-changer allows Cross Site Request Forgery.This issue affects Theme Changer: from n/a through = 1.4...

CVE-2025-39438

Cross-Site Request Forgery CSRF vulnerability in momen2009 Theme Changer theme-changer allows Cross Site Request Forgery.This issue affects Theme Changer: from n/a through = 1.4...

CVE-2025-39438 WordPress Theme Changer plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in momen2009 Theme Changer theme-changer allows Cross Site Request Forgery.This issue affects Theme Changer: from n/a through = 1.4...

CVE-2025-39438

CVE-2025-39438 is a CSRF vulnerability affecting the WordPress plugin/theme “Theme Changer” (momen2009) up to version 1.3. Root cause: Cross-Site Request Forgery allowing unauthorized actions. Confirmed in multiple sources (NVD entry and Patchstack/CVEs). Impact per available data: minimal/limite...

CVE-2025-39438 WordPress Theme Changer plugin <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in momen2009 Theme Changer allows Cross Site Request Forgery. This issue affects Theme Changer: from n/a through 1.3...