WordPress Video Merchant Cross-Site Request Forgery Vulnerability

WordPress Video Merchant is a once-existing WordPress plugin that is mainly used for managing and displaying video content. WordPress Video Merchant suffers from a cross-site request forgery vulnerability that stems from missing or incorrect random number validation, which can be exploited by an...

CVE-2025-14390

The Video Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in version = 5.0.4. This is due to missing or incorrect nonce validation on the videomerchantaddvideofile function. This makes it possible for unauthenticated attackers to upload arbitrary files that make remote...

CVE-2025-14390

The Video Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in version = 5.0.4. This is due to missing or incorrect nonce validation on the videomerchantaddvideofile function. This makes it possible for unauthenticated attackers to upload arbitrary files that make remote...

CVE-2025-14390 Video Merchant <= 5.0.4 - Cross-Site Request Forgery to Arbitrary File Upload

The Video Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in version = 5.0.4. This is due to missing or incorrect nonce validation on the videomerchantaddvideofile function. This makes it possible for unauthenticated attackers to upload arbitrary files that make remote...

EUVD-2025-202401

The Video Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in version = 5.0.4. This is due to missing or incorrect nonce validation on the videomerchantaddvideofile function. This makes it possible for unauthenticated attackers to upload arbitrary files that make remote...

CVE-2025-14390 Video Merchant <= 5.0.4 - Cross-Site Request Forgery to Arbitrary File Upload

The Video Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in version = 5.0.4. This is due to missing or incorrect nonce validation on the videomerchantaddvideofile function. This makes it possible for unauthenticated attackers to upload arbitrary files that make remote...

CVE-2025-14390

Summary: The WordPress Video Merchant plugin (versions

WordPress Video Merchant plugin <= 5.0.4 - Cross-Site Request Forgery to Arbitrary File Upload vulnerability

Cross-Site Request Forgery to Arbitrary File Upload vulnerability discovered by Ala Arfaoui in WordPress Plugin Video Merchant versions = 5.0.4...

PT-2025-50316

Name of the Vulnerable Software and Affected Versions Video Merchant plugin for WordPress versions 5.0.4 and earlier Description The Video Merchant plugin for WordPress is susceptible to Cross-Site Request Forgery CSRF. This is due to inadequate nonce validation within the video merchant add vide...

WordPress plugin Video Merchant 代码问题漏洞

WordPress Video Merchant is a once-existing WordPress plugin that is mainly used for managing and displaying video content. WordPress Video Merchant suffers from a cross-site request forgery vulnerability that stems from missing or incorrect random number validation, which can be exploited by an...