4 matches found
CVE-2025-3867
The Ajax Comment Form CST plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation via the 'acformcstsettings' page. This makes it possible for unauthenticated attackers to update settings and...
CVE-2025-3867
creationtimestamp| type| source ---|---|--- 2025-04-25 07:07:15+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/13388 2025-04-25 07:07:21+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lnmnxr2l5332 2025-04-25 10:49:33+00:00| seen|...
CVE-2025-3867 Ajax Comment Form CST <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Ajax Comment Form CST plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation via the 'acformcstsettings' page. This makes it possible for unauthenticated attackers to update settings and...
CVE-2025-3867 Ajax Comment Form CST <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Ajax Comment Form CST plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation via the 'acformcstsettings' page. This makes it possible for unauthenticated attackers to update settings and...