Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/07/25 2:29 a.m.8 views

CVE-2025-6054

The YANewsflash plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the 'yanewsflash/yanewsflash.php' page. This makes it possible for unauthenticated attackers to update settings and...

6.1CVSS6.7AI score0.00125EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/23 2:24 a.m.4 views

CVE-2025-6054 YANewsflash <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The YANewsflash plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the 'yanewsflash/yanewsflash.php' page. This makes it possible for unauthenticated attackers to update settings and...

6.1CVSS6AI score0.00125EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/23 2:24 a.m.8 views

CVE-2025-6054 YANewsflash <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The YANewsflash plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the 'yanewsflash/yanewsflash.php' page. This makes it possible for unauthenticated attackers to update settings and...

6.1CVSS0.00125EPSS
Exploits0References2
CVE
CVE
added 2025/07/23 2:24 a.m.28 views

CVE-2025-6054

The CVE-2025-6054 entry concerns the WordPress YANewsflash plugin (versions ≤ 1.0.3) with a Cross-Site Request Forgery (CSRF) vulnerability stemming from missing/incorrect nonce validation on yanewsflash/yanewsflash.php. This CSRF can allow unauthenticated attackers to trigger actions on behalf o...

6.1CVSS6.7AI score0.00125EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/23 12:0 a.m.3 views

WordPress plugin YANewsflash 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site reques...

6.1CVSS6.4AI score0.00125EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/07/23 12:0 a.m.3 views

PT-2025-30512 · WordPress · Yanewsflash

Name of the Vulnerable Software and Affected Versions: YANewsflash plugin for WordPress versions prior to 1.0.4 Description: The YANewsflash plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on the yanewsflash/yanewsflash.php page. This...

6.1CVSS6.3AI score0.00125EPSS
Exploits0References7
Rows per page
Query Builder