6 matches found
CVE-2025-6054
The YANewsflash plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the 'yanewsflash/yanewsflash.php' page. This makes it possible for unauthenticated attackers to update settings and...
CVE-2025-6054 YANewsflash <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The YANewsflash plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the 'yanewsflash/yanewsflash.php' page. This makes it possible for unauthenticated attackers to update settings and...
CVE-2025-6054 YANewsflash <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The YANewsflash plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the 'yanewsflash/yanewsflash.php' page. This makes it possible for unauthenticated attackers to update settings and...
CVE-2025-6054
The CVE-2025-6054 entry concerns the WordPress YANewsflash plugin (versions ≤ 1.0.3) with a Cross-Site Request Forgery (CSRF) vulnerability stemming from missing/incorrect nonce validation on yanewsflash/yanewsflash.php. This CSRF can allow unauthenticated attackers to trigger actions on behalf o...
WordPress plugin YANewsflash 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site reques...
PT-2025-30512 · WordPress · Yanewsflash
Name of the Vulnerable Software and Affected Versions: YANewsflash plugin for WordPress versions prior to 1.0.4 Description: The YANewsflash plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on the yanewsflash/yanewsflash.php page. This...