3 matches found
CVE-2025-7841
The Sertifier Certificate & Badge Maker for WordPress – Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19. This is due to missing or incorrect nonce validation on the 'sertifiersettings' page. This makes it possible for...
PT-2025-33462 · WordPress · Add User Meta
Name of the Vulnerable Software and Affected Versions: Add User Meta plugin for WordPress versions up to and including 1.0.1 Description: The Add User Meta plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on the add-user-meta page. Thi...
PT-2023-16328 · WordPress · Rapidexpcart
Name of the Vulnerable Software and Affected Versions: RapidExpCart WordPress plugin versions through 1.0 Description: The issue is related to a Stored Cross-Site Scripting vulnerability. It occurs because the url parameter in the "rapidexpcart" endpoint is not properly sanitized and escaped befo...