WordPress Centangle Team Showcase plugin <= 1.0.0 - Cross-Site Request Forgery To Plugin's Settings Modification And Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery To Plugin's Settings Modification And Stored Cross-Site Scripting vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Centangle Team Showcase versions = 1.0.0...

CVE-2025-12456

CVE-2025-12456 affects the WordPress plugin Centangle-Team Showcase (Centangle-Team). Public sources confirm a Cross-Site Request Forgery vulnerability in versions up to 1.0.0 due to missing or incorrect nonce validation, enabling unauthenticated attackers to modify plugin settings by tricking an...

CVE-2025-12456 Centangle Team Showcase <= 1.0.0 - Cross-Site Request Forgery To Plugin's Settings Modification And Stored Cross-Site Scripting

The Centangle-Team plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to modify plugin's settings via a forged reques...

CVE-2025-12456 Centangle Team Showcase <= 1.0.0 - Cross-Site Request Forgery To Plugin's Settings Modification And Stored Cross-Site Scripting

The Centangle-Team plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to modify plugin's settings via a forged reques...

WordPress plugin Centangle-Team 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

PT-2025-44962

The Centangle-Team plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to modify plugin's settings via a forged reques...