4 matches found
CVE-2025-3097 wp Time Machine <= 3.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The wp Time Machine plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.0. This is due to missing or incorrect nonce validation on the 'wpTimeMachineCore.php' page. This makes it possible for unauthenticated attackers to update settings and...
CVE-2025-3097
CVE-2025-3097 affects the WordPress plugin wp Time Machine. It is vulnerable to Cross-Site Request Forgery due to missing nonce validation on wpTimeMachineCore.php in all versions up to 3.4.0. This allows unauthenticated attackers to update settings and inject malicious web scripts via forged req...
CVE-2025-3097 wp Time Machine <= 3.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The wp Time Machine plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.0. This is due to missing or incorrect nonce validation on the 'wpTimeMachineCore.php' page. This makes it possible for unauthenticated attackers to update settings and...
WordPress wp Time Machine plugin <= 3.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin wp Time Machine versions = 3.4.0...