Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/03/16 6:6 a.m.11 views

CVE-2025-1764

The LoginPress | wp-login Custom Login Page Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.1. This is due to missing or incorrect nonce validation on the 'custompluginsetoption' function. This makes it possible for...

7.5CVSS7AI score0.00203EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/14 5:24 a.m.15 views

CVE-2025-1764 LoginPress <= 3.3.1 - Cross-Site Request Forgery to Arbitrary Options Update

The LoginPress | wp-login Custom Login Page Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.1. This is due to missing or incorrect nonce validation on the 'custompluginsetoption' function. This makes it possible for...

7.5CVSS0.00203EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/03/14 5:24 a.m.9 views

CVE-2025-1764 LoginPress <= 3.3.1 - Cross-Site Request Forgery to Arbitrary Options Update

The LoginPress | wp-login Custom Login Page Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.1. This is due to missing or incorrect nonce validation on the 'custompluginsetoption' function. This makes it possible for...

7.5CVSS7.5AI score0.00203EPSS
Exploits0References4
CVE
CVE
added 2025/03/14 5:24 a.m.59 views

CVE-2025-1764

CVE-2025-1764 affects the WordPress plugin LoginPress (wp-login Custom Login Page Customizer) up to version 3.3.1. Root cause: missing/incorrect nonce validation in custom_plugin_set_option enables CSRF, allowing unauthenticated attackers to forge requests and update arbitrary site options, poten...

7.5CVSS7.5AI score0.00203EPSS
Exploits0References4
Rows per page
Query Builder