CVE-2025-12589

The WP-Walla plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting in all versions up to, and including, 0.5.3.5. This is due to missing nonce verification on the settings page and insufficient input sanitization and output escaping. This makes it possibl...

CVE-2025-12589

CVE-2025-12589 affects the WordPress plugin WP-Walla (versions up to and including 0.5.3.5). The issue is a combination of Cross-Site Request Forgery (CSRF) and Stored Cross-Site Scripting (XSS) due to missing nonce verification on the settings page and insufficient input sanitization/output esca...

WordPress plugin WP-Walla 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

WordPress WP-Walla plugin <= 0.5.3.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin WP-Walla versions = 0.5.3.5...