38 matches found
WordPress Customify plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress Customify plugin, which stems from missing or incorrect random number validation in the reset_customize_section...
CVE-2025-8669
The Customify theme for WordPress is vulnerable to Cross-Site Request Forgery in version 0.4.11. This is due to missing or incorrect nonce validation on the reset_customize_section function. This makes it possible for unauthenticated attackers to reset theme customization settings via a forged...
WordPress Customify theme <= 0.4.11 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Dmitrii Ignatyev in WordPress Theme Customify versions <= 0.4.11...
EUVD-2025-32258
Malicious code in bioql PyPI...
EUVD-2023-31369
Malicious code in bioql PyPI...
EUVD-2025-27730
Malicious code in bioql PyPI...
CVE-2025-8669
The Customify theme for WordPress is vulnerable to Cross-Site Request Forgery in version 0.4.11. This is due to missing or incorrect nonce validation on the reset_customize_section function. This makes it possible for unauthenticated attackers to reset theme customization settings via a forged...
CVE-2025-8669 Customify <= 0.4.11 - Cross-Site Request Forgery
The Customify theme for WordPress is vulnerable to Cross-Site Request Forgery in version 0.4.11. This is due to missing or incorrect nonce validation on the reset_customize_section function. This makes it possible for unauthenticated attackers to reset theme customization settings via a forged...
CVE-2025-8669 Customify <= 0.4.11 - Cross-Site Request Forgery
The Customify theme for WordPress is vulnerable to Cross-Site Request Forgery in version 0.4.11. This is due to missing or incorrect nonce validation on the reset_customize_section function. This makes it possible for unauthenticated attackers to reset theme customization settings via a forged...
CVE-2025-8669
CVE-2025-8669 affects the WordPress Customify theme up to version 0.4.11. The issue is a Cross-Site Request Forgery (CSRF) in the reset_customize_section function caused by missing/incorrect nonce validation, allowing unauthenticated attackers to reset theme customization settings via forged requ...
PT-2025-40478
Name of the Vulnerable Software and Affected Versions: Customify theme for WordPress version 0.4.11 Description: The software is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation in the reset customize section function. This allows unauthenticated attackers to...
WordPress plugin Customify cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress Customify plugin, which stems from missing or incorrect random number validation in the reset_customize_section...
WordPress Customify Theme <= 0.4.11 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Customify; Type: Theme; Vulnerable versions: <= 0.4.11; Fixed in: 0.4.12; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2025-8669; Patch priority: Low; CVSS severity: Low (4.3); PSID: 835c66f49faa; Credits: Dmitrii Ignatyev; Required...
CVE-2023-27633
Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Customify – Intuitive Website Styling plugin <= 2.10.4 versions...
CVE-2025-26920
Missing Authorization vulnerability in pressmaximum Customify customify-theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Customify: from n/a through <= 0.4.8...
CVE-2025-26920
Missing Authorization vulnerability in pressmaximum Customify customify-theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Customify: from n/a through <= 0.4.8...
CVE-2025-26920
CVE-2025-26920 is a Missing Authorization vulnerability affecting the WordPress Customify theme (versions
CVE-2025-26920 WordPress Customify theme <= 0.4.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in pressmaximum Customify customify-theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Customify: from n/a through <= 0.4.8...
CVE-2025-26920 WordPress Customify theme <= 0.4.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in pressmaximum Customify customify-theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Customify: from n/a through <= 0.4.8...
PT-2025-22022 · Customify · Customify
Name of the Vulnerable Software and Affected Versions: Customify versions 0.4.8 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. This can lead to unauthorized access due to the la...