Lucene search
K

4 matches found

Patchstack
Patchstack
•added 2025/06/13 6:39 a.m.•8 views

WordPress WP2HTML plugin <= 1.0.2 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Nabil Irawan in WordPress Plugin WP2HTML versions = 1.0.2...

4.3CVSS6.7AI score0.00126EPSS
Exploits0References1Affected Software1
CVE
CVE
•added 2025/06/13 1:47 a.m.•45 views

CVE-2025-5930

CVE-2025-5930 covers the WP2HTML WordPress plugin (versions &lt;= 1.0.2). It is a CSRF vulnerability caused by missing/incorrect nonce validation in the save() function, allowing unauthenticated attackers to update plugin settings via forged requests that a site admin might perform (e.g., by clic...

4.3CVSS4.2AI score0.00126EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2025/06/13 1:47 a.m.•3 views

CVE-2025-5930 WP2HTML <= 1.0.2 - Cross-Site Request Forgery to Settings Update

The WP2HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request...

4.3CVSS6.7AI score0.00126EPSS
Exploits0References2
Cvelist
Cvelist
•added 2025/06/13 1:47 a.m.•16 views

CVE-2025-5930 WP2HTML <= 1.0.2 - Cross-Site Request Forgery to Settings Update

The WP2HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request...

4.3CVSS0.00126EPSS
Exploits0References2
Rows per page
Query Builder