Lucene search
K

4 matches found

Cvelist
Cvelist
added 2025/05/17 3:24 a.m.18 views

CVE-2025-4189 Audio Comments Plugin <= 1.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Audio Comments Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the 'audio-comments/audior-settings.php' page. This makes it possible for unauthenticated attackers to...

6.1CVSS0.00124EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/17 3:24 a.m.7 views

CVE-2025-4189 Audio Comments Plugin <= 1.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Audio Comments Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the 'audio-comments/audior-settings.php' page. This makes it possible for unauthenticated attackers to...

6.1CVSS6AI score0.00124EPSS
Exploits0References2
CVE
CVE
added 2025/05/17 3:24 a.m.36 views

CVE-2025-4189

CVE-2025-4189 refers to the Audio Comments Plugin for WordPress, with a CSRF to Stored XSS risk affecting all versions up to 1.0.4. The root cause is missing or incorrect nonce validation on the audio-comments/audior-settings.php page, enabling unauthenticated attackers to induce settings changes...

6.1CVSS6AI score0.00124EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/05/16 9:39 p.m.12 views

WordPress Audio Comments Plugin plugin <= 1.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin Audio Comments versions = 1.0.4...

6.1CVSS6.5AI score0.00124EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder