Lucene search
K

5 matches found

NVD
NVD
added 2025/08/16 4:16 a.m.9 views

CVE-2025-7684

The Last.fm Recent Album Artwork plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the 'lastfmalbumsartwork.php' page. This makes it possible for unauthenticated attackers to update...

6.1CVSS0.00159EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/08/16 3:38 a.m.3 views

CVE-2025-7684 Last.fm Recent Album Artwork <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Last.fm Recent Album Artwork plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the 'lastfmalbumsartwork.php' page. This makes it possible for unauthenticated attackers to update...

6.1CVSS6.7AI score0.00159EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/16 3:38 a.m.10 views

CVE-2025-7684 Last.fm Recent Album Artwork <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Last.fm Recent Album Artwork plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the 'lastfmalbumsartwork.php' page. This makes it possible for unauthenticated attackers to update...

6.1CVSS0.00159EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/08/16 12:0 a.m.4 views

WordPress plugin Last.fm Recent Album Artwork 跨站请求伪造漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in WordPress plugin Last.fm Recent...

6.1CVSS6.6AI score0.00159EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/08/15 11:35 p.m.6 views

WordPress Last.fm Recent Album Artwork plugin <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin Last.fm Recent Album Artwork versions = 1.0.2...

6.1CVSS5.7AI score0.00159EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder