CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2 matches found

CVE•added 2025/11/18 8:27 a.m.•10 views

CVE-2025-9625

Affected software: WordPress Coil Web Monetization plugin. Vulnerability: Cross-Site Request Forgery due to missing/incorrect nonce validation on the coil-get-css-selector handling in the maybe_restrict_content function. Impact: Unauthenticated attackers can trigger CSS selector detection functio...

4.3CVSS4.9AI score0.00013EPSS

Exploits0References4

Cvelist•added 2025/11/18 8:27 a.m.•2 views

CVE-2025-9625 Coil Web Monetization <= 2.0.2 - Cross-Site Request Forgery

The Coil Web Monetization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the coil-get-css-selector parameter handling in the mayberestrictcontent function. This makes it possible...

4.3CVSS0.00013EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by