Lucene search
+L

335 matches found

EUVD
EUVD
added 2025/12/12 6:31 a.m.6 views

EUVD-2025-202956

The Simple Theme Changer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted...

4.3CVSS4.9AI score0.00106EPSS
Exploits0References3
NVD
NVD
added 2025/12/12 4:15 a.m.18 views

CVE-2025-14392

The Simple Theme Changer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the userthemeadmin, displaymethodadmin, and setchangethemebuttonname actions actions in all versions up to, and including, 1.0. This makes it possible for...

4.3CVSS0.00164EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/12 3:21 a.m.2 views

CVE-2025-14391 Simple Theme Changer <= 1.0 - Cross-Site Request Forgery to Arbitrary Theme Switcher Configuration Update

The Simple Theme Changer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted...

4.3CVSS5AI score0.00106EPSS
Exploits0References2
CVE
CVE
added 2025/12/12 3:21 a.m.13 views

CVE-2025-14391

CVE-2025-14391 affects the WordPress plugin Simple Theme Changer . The vulnerability is a Cross-Site Request Forgery (CSRF) in versions up to 1.0 caused by missing or incorrect nonce validation, enabling unauthenticated attackers to update the plugin’s settings by tricking an administrator into p...

4.3CVSS5AI score0.00106EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/12 3:21 a.m.40 views

CVE-2025-14391 Simple Theme Changer <= 1.0 - Cross-Site Request Forgery to Arbitrary Theme Switcher Configuration Update

The Simple Theme Changer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted...

4.3CVSS0.00106EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/12 3:20 a.m.31 views

CVE-2025-14392 Simple Theme Changer <= 1.0. - Missing Authorization to Plugin Settings Update via AJAX Actions

The Simple Theme Changer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the userthemeadmin, displaymethodadmin, and setchangethemebuttonname actions actions in all versions up to, and including, 1.0. This makes it possible for...

4.3CVSS0.00164EPSS
Exploits0References2
CVE
CVE
added 2025/12/12 3:20 a.m.15 views

CVE-2025-14392

CVE-2025-14392 concerns the WordPress plugin Simple Theme Changer . The vulnerability arises from missing capability checks on three AJAX-like actions (user_theme_admin, display_method_admin, set_change_theme_button_name) across all versions up to 1.0, allowing authenticated users with subscriber...

4.3CVSS4.7AI score0.00164EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.5 views

WordPress plugin Simple Theme Changer 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

4.3CVSS6.3AI score0.00106EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.6 views

PT-2025-50867

The Simple Theme Changer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted...

4.3CVSS5.4AI score0.00106EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.14 views

PT-2025-50868

The Simple Theme Changer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the user theme admin, display method admin, and set change theme button name actions actions in all versions up to, and including, 1.0. This makes it possible for...

4.3CVSS5.1AI score0.00164EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.4 views

WordPress plugin Simple Theme Changer 安全漏洞

...

4.3CVSS5.8AI score0.00164EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/12/11 11:21 p.m.10 views

WordPress Simple Theme Changer plugin <= 1.0. - Missing Authorization to Plugin Settings Update via AJAX Actions vulnerability

Missing Authorization to Plugin Settings Update via AJAX Actions vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Simple Theme Changer versions = 1.0...

4.3CVSS6.8AI score0.00164EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/11 11:14 p.m.5 views

WordPress Simple Theme Changer plugin <= 1.0 - Cross-Site Request Forgery to Arbitrary Theme Switcher Configuration Update vulnerability

Cross-Site Request Forgery to Arbitrary Theme Switcher Configuration Update vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Simple Theme Changer versions = 1.0...

4.3CVSS6.8AI score0.00106EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/07 3:54 p.m.3 views

CVE-2025-53245

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Afzal Multani WP Logo Changer am-login-logo allows Stored XSS.This issue affects WP Logo Changer: from n/a through = 1.2...

7.1CVSS6AI score0.00214EPSS
Exploits0References1
NVD
NVD
added 2025/11/06 4:15 p.m.7 views

CVE-2025-53245

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Afzal Multani WP Logo Changer am-login-logo allows Stored XSS.This issue affects WP Logo Changer: from n/a through = 1.2...

7.1CVSS0.00214EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/06 3:53 p.m.3 views

EUVD-2025-38000

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Afzal Multani WP Logo Changer am-login-logo allows Stored XSS.This issue affects WP Logo Changer: from n/a through = 1.2...

5.5AI score0.00214EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/06 3:53 p.m.2 views

CVE-2025-53245 WordPress WP Logo Changer Plugin <= 1.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Afzal Multani WP Logo Changer am-login-logo allows Stored XSS.This issue affects WP Logo Changer: from n/a through = 1.2...

7.1CVSS5.6AI score0.00214EPSS
Exploits0References1
CVE
CVE
added 2025/11/06 3:53 p.m.12 views

CVE-2025-53245

CVE-2025-53245 pertains to the WordPress plugin WP Logo Changer (am-login-logo) with versions up to and including 1.2. The vulnerability is Stored XSS caused by improper neutralization during web page generation, allowing injected scripts to persist in the affected pages. Multiple sources (NVD, R...

7.1CVSS5.6AI score0.00214EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/06 3:53 p.m.13 views

CVE-2025-53245 WordPress WP Logo Changer Plugin <= 1.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Afzal Multani WP Logo Changer am-login-logo allows Stored XSS.This issue affects WP Logo Changer: from n/a through = 1.2...

7.1CVSS0.00214EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/06 12:0 a.m.4 views

WordPress plugin WP Logo Changer 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS5.8AI score0.00214EPSS
Exploits0References1
Rows per page
Query Builder