CVE-2025-8669
The Customify theme for WordPress is vulnerable to Cross-Site Request Forgery in version 0.4.11. This is due to missing or incorrect nonce validation on the reset_customize_section function. This makes it possible for unauthenticated attackers to reset theme customization settings via a forged...
WordPress Customify theme <= 0.4.11 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Dmitrii Ignatyev in WordPress Theme Customify versions <= 0.4.11...
EUVD-2025-32258
Malicious code in bioql PyPI...
CVE-2025-8669 Customify <= 0.4.11 - Cross-Site Request Forgery
The Customify theme for WordPress is vulnerable to Cross-Site Request Forgery in version 0.4.11. This is due to missing or incorrect nonce validation on the reset_customize_section function. This makes it possible for unauthenticated attackers to reset theme customization settings via a forged...
CVE-2025-8669
CVE-2025-8669 affects the WordPress Customify theme up to version 0.4.11. The issue is a Cross-Site Request Forgery (CSRF) in the reset_customize_section function caused by missing/incorrect nonce validation, allowing unauthenticated attackers to reset theme customization settings via forged requ...
PT-2025-40478
Name of the Vulnerable Software and Affected Versions Customify theme for WordPress version 0.4.11 Description The software is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation in the reset customize section function. This allows unauthenticated attackers to...
WordPress Customify Theme <= 0.4.11 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Customify. Type: Theme. Vulnerable versions: <= 0.4.11. Fixed in: 0.4.12. OWASP Top 10: A5: Broken Access Control. Classification: Cross Site Request Forgery (CSRF). CVE: CVE-2025-8669. Patch priority: Low. CVSS severity: Low (4.3). PSID: 835c66f49faa. Credits: Dmitrii Ignatyev. Required...
CVE-2025-26920 WordPress Customify theme <= 0.4.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in pressmaximum Customify customify-theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Customify: from n/a through <= 0.4.8...
WordPress Customify theme <= 0.4.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Fariq Fadillah Gusti Insani (Patchstack Alliance) in WordPress Theme Customify versions <= 0.4.8...
WordPress Customify Theme <= 0.4.8 is vulnerable to Broken Access Control
Software: Customify. Type: Theme. Vulnerable versions: <= 0.4.8. Fixed in: N/A. OWASP Top 10: A1: Broken Access Control. Classification: Broken Access Control. CVE: CVE-2025-26920. Patch priority: Low. CVSS severity: Low (5.4). PSID: 6338c0e15242. Credits: Fariq Fadillah Gusti Insani. Required...