6 matches found

RedhatCVE
added 2025/05/19 4:8 a.m. · 10 views

CVE-2025-4189

The Audio Comments Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the 'audio-comments/audior-settings.php' page. This makes it possible for unauthenticated attackers to...

CVSS 6.1 · AI score 6.5 · EPSS 0.00044
Exploits: 0 · References: 1
NVD
added 2025/05/17 4:16 a.m. · 9 views

CVE-2025-4189

The Audio Comments Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the 'audio-comments/audior-settings.php' page. This makes it possible for unauthenticated attackers to...

CVSS 6.1 · EPSS 0.00044
Exploits: 0 · References: 2
Vulnrichment
added 2025/05/17 3:24 a.m. · 6 views

CVE-2025-4189 Audio Comments Plugin <= 1.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Audio Comments Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the 'audio-comments/audior-settings.php' page. This makes it possible for unauthenticated attackers to...

CVSS 6.1 · AI score 6 · EPSS 0.00044
Exploits: 0 · References: 2
CVE
added 2025/05/17 3:24 a.m. · 28 views

CVE-2025-4189

CVE-2025-4189 refers to the Audio Comments Plugin for WordPress, with a CSRF to Stored XSS risk affecting all versions up to 1.0.4. The root cause is missing or incorrect nonce validation on the audio-comments/audior-settings.php page, enabling unauthenticated attackers to induce settings changes...

CVSS 6.1 · AI score 6 · EPSS 0.00044
Exploits: 0 · References: 2
Positive Technologies
added 2025/05/17 12:0 a.m. · 3 views

PT-2025-21771 · Unknown · Audio Comments Plugin

Name of the Vulnerable Software and Affected Versions: Audio Comments Plugin versions up to, and including, 1.0.4 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the 'audio-comments/audior-settings.php' page. This allows...

CVSS 6.1 · AI score 6.7 · EPSS 0.00044
Exploits: 0 · References: 6
Patchstack
added 2025/05/16 9:39 p.m. · 10 views

WordPress Audio Comments Plugin plugin <= 1.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin Audio Comments versions <= 1.0.4...

CVSS 6.1 · AI score 6.5 · EPSS 0.00044
Exploits: 0 · References: 1 · Affected Software: 1