6 matches found
EUVD-2025-13312
Malicious code in bioql PyPI...
CVE-2025-4198
The Alink Tap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the 'alink-tap' page. This makes it possible for unauthenticated attackers to update settings and inject malicious we...
CVE-2025-4198 Alink Tap <= 1.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Alink Tap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the 'alink-tap' page. This makes it possible for unauthenticated attackers to update settings and inject malicious we...
CVE-2025-4198 Alink Tap <= 1.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Alink Tap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the 'alink-tap' page. This makes it possible for unauthenticated attackers to update settings and inject malicious we...
CVE-2025-4198
CVE-2025-4198 – Alink Tap (WordPress) CSRF to Stored XSS . Affected: Alink Tap plugin for WordPress versions up to and including 1.3.1. Root cause: missing/incorrect nonce validation on the alink-tap page enables Cross-Site Request Forgery. Impact (per sources): unauthenticated attackers can upda...
PT-2025-18934 · WordPress · Alink Tap
Name of the Vulnerable Software and Affected Versions: Alink Tap plugin for WordPress versions up to, and including, 1.3.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the 'alink-tap' page. This allows unauthenticated attackers to...