4 matches found
CVE-2025-7684
The Last.fm Recent Album Artwork plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the 'lastfmalbumsartwork.php' page. This makes it possible for unauthenticated attackers to update...
CVE-2025-7684
The Last.fm Recent Album Artwork plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the 'lastfmalbumsartwork.php' page. This makes it possible for unauthenticated attackers to update...
CVE-2025-7684 Last.fm Recent Album Artwork <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Last.fm Recent Album Artwork plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the 'lastfmalbumsartwork.php' page. This makes it possible for unauthenticated attackers to update...
PT-2025-33533 · WordPress · Last.Fm Recent Album Artwork
Name of the Vulnerable Software and Affected Versions: Last.fm Recent Album Artwork plugin for WordPress versions up to and including 1.0.2 Description: The Last.fm Recent Album Artwork plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation ...