3 matches found
CVE-2025-3919
creationtimestamp| type| source ---|---|--- 2025-06-02 23:40:00+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqnx5u3lv5c2 2025-06-03 02:32:23+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lqoasf7jl32r...
CVE-2025-3919 WordPress Comments Import & Export <= 2.4.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
The WordPress Comments Import & Export plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savesettings function in all versions up to, and including, 2.4.3. Additionally, the plugin fails to properly sanitize and escape FTP settings...
CVE-2025-3919
CVE-2025-3919 affects the WordPress plugin WordPress Comments Import & Export. The issue is an unauthorized data modification vulnerability caused by a missing capability check in the save_settings function across versions up to 2.4.3, compounded by improper sanitization/escaping of FTP settings....