CVE-2025-12070

The ViaAds plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.2. This is due to missing nonce validation on the ViaAdspluginHandler function. This makes it possible for unauthenticated attackers to modify the plugin's API key and cookie...

WordPress ViaAds plugin <= 2.1.1 - Cross-Site Request Forgery to API Key Update vulnerability

Cross-Site Request Forgery to API Key Update vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin ViaAds versions = 2.1.1...

CVE-2025-12070

The ViaAds plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.2. This is due to missing nonce validation on the ViaAdspluginHandler function. This makes it possible for unauthenticated attackers to modify the plugin's API key and cookie...

CVE-2025-12070 ViaAds <= 2.1.2 - Cross-Site Request Forgery to API Key Update

The ViaAds plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.2. This is due to missing nonce validation on the ViaAdspluginHandler function. This makes it possible for unauthenticated attackers to modify the plugin's API key and cookie...

WordPress plugin ViaAds 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

PT-2025-44919

Name of the Vulnerable Software and Affected Versions ViaAds plugin for WordPress versions prior to 2.1.2 Description The ViaAds plugin for WordPress is susceptible to Cross-Site Request Forgery CSRF in versions up to and including 2.1.1. The issue stems from the absence of nonce validation withi...