Lucene search
K

4 matches found

Cvelist
Cvelist
added 2025/04/02 9:21 a.m.17 views

CVE-2025-3097 wp Time Machine <= 3.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The wp Time Machine plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.0. This is due to missing or incorrect nonce validation on the 'wpTimeMachineCore.php' page. This makes it possible for unauthenticated attackers to update settings and...

6.1CVSS0.00301EPSS
Exploits0References3
CVE
CVE
added 2025/04/02 9:21 a.m.65 views

CVE-2025-3097

CVE-2025-3097 affects the WordPress plugin wp Time Machine. It is vulnerable to Cross-Site Request Forgery due to missing nonce validation on wpTimeMachineCore.php in all versions up to 3.4.0. This allows unauthenticated attackers to update settings and inject malicious web scripts via forged req...

6.1CVSS6.7AI score0.00301EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/04/02 9:21 a.m.8 views

CVE-2025-3097 wp Time Machine <= 3.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The wp Time Machine plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.0. This is due to missing or incorrect nonce validation on the 'wpTimeMachineCore.php' page. This makes it possible for unauthenticated attackers to update settings and...

6.1CVSS6.7AI score0.00301EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/04/01 10:32 p.m.6 views

WordPress wp Time Machine plugin <= 3.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin wp Time Machine versions = 3.4.0...

6.1CVSS6.4AI score0.00301EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder