4 matches found
WordPress WP2HTML plugin <= 1.0.2 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Nabil Irawan in WordPress Plugin WP2HTML versions = 1.0.2...
CVE-2025-5930
CVE-2025-5930 covers the WP2HTML WordPress plugin (versions <= 1.0.2). It is a CSRF vulnerability caused by missing/incorrect nonce validation in the save() function, allowing unauthenticated attackers to update plugin settings via forged requests that a site admin might perform (e.g., by clic...
CVE-2025-5930 WP2HTML <= 1.0.2 - Cross-Site Request Forgery to Settings Update
The WP2HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request...
CVE-2025-5930 WP2HTML <= 1.0.2 - Cross-Site Request Forgery to Settings Update
The WP2HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request...