Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/04/10 9:4 a.m.15 views

CVE-2025-3064

The WPFront User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.1. This is due to missing or incorrect nonce validation on the whitelistoptions function. This makes it possible for unauthenticated attackers to update the...

8.8CVSS6.8AI score0.00235EPSS
Exploits0References1
NVD
NVD
added 2025/04/08 9:15 a.m.24 views

CVE-2025-3064

The WPFront User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.1. This is due to missing or incorrect nonce validation on the whitelistoptions function. This makes it possible for unauthenticated attackers to update the...

8.8CVSS0.00235EPSS
Exploits0References5
Circl
Circl
added 2025/04/08 8:46 a.m.7 views

CVE-2025-3064

creationtimestamp| type| source ---|---|--- 2025-04-08 08:46:43+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/10881 2025-04-08 11:48:23+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114302183167585816 2025-04-08 12:07:13+00:00| seen|...

8.8CVSS7.3AI score0.00235EPSS
Exploits0References4
CVE
CVE
added 2025/04/08 8:22 a.m.80 views

CVE-2025-3064

CVE-2025-3064 : WordPress plugin WPFront User Role Editor (affected versions up to 4.2.1) is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in whitelist_options(). This allows unauthenticated attackers to update the default role option, enabling privilege escal...

8.8CVSS7AI score0.00235EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/04/08 8:22 a.m.19 views

CVE-2025-3064 WPFront User Role Editor <= 4.2.1 - Cross-Site Request Forgery to Privilege Escalation via whitelist_options Function

The WPFront User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.1. This is due to missing or incorrect nonce validation on the whitelistoptions function. This makes it possible for unauthenticated attackers to update the...

8.8CVSS0.00235EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/04/07 9:31 p.m.6 views

WordPress WPFront User Role Editor plugin <= 4.2.1 - Cross-Site Request Forgery to Privilege Escalation via whitelist_options Function vulnerability

Cross-Site Request Forgery to Privilege Escalation via whitelistoptions Function vulnerability discovered by WordFence in WordPress Plugin WPFront User Role Editor versions = 4.2.1...

8.8CVSS8.2AI score0.00235EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder