Lucene search
K

4 matches found

NVD
NVD
added 2025/04/25 7:15 a.m.15 views

CVE-2025-3867

The Ajax Comment Form CST plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation via the 'acformcstsettings' page. This makes it possible for unauthenticated attackers to update settings and...

6.1CVSS0.0021EPSS
Exploits0References2
Circl
Circl
added 2025/04/25 7:7 a.m.8 views

CVE-2025-3867

creationtimestamp| type| source ---|---|--- 2025-04-25 07:07:15+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/13388 2025-04-25 07:07:21+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lnmnxr2l5332 2025-04-25 10:49:33+00:00| seen|...

6.1CVSS8.7AI score0.0021EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/04/25 6:45 a.m.26 views

CVE-2025-3867 Ajax Comment Form CST <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Ajax Comment Form CST plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation via the 'acformcstsettings' page. This makes it possible for unauthenticated attackers to update settings and...

6.1CVSS0.0021EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/04/25 6:45 a.m.9 views

CVE-2025-3867 Ajax Comment Form CST <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Ajax Comment Form CST plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation via the 'acformcstsettings' page. This makes it possible for unauthenticated attackers to update settings and...

6.1CVSS6.7AI score0.0021EPSS
Exploits0References2
Rows per page
Query Builder