Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/07/17 12:3 p.m.14 views

CVE-2025-7667

The Restrict File Access plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the 'restrict-file-access' page. This makes it possible for unauthenticated attackers to to delete arbitra...

8.1CVSS8AI score0.00271EPSS
Exploits0References1
NVD
NVD
added 2025/07/15 12:15 p.m.9 views

CVE-2025-7667

The Restrict File Access plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the 'restrict-file-access' page. This makes it possible for unauthenticated attackers to to delete arbitra...

8.1CVSS0.00271EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/07/15 11:45 a.m.7 views

WordPress Restrict File Access plugin <= 1.1.2 - Cross-Site Request Forgery to Arbitrary File Deletion vulnerability

Cross-Site Request Forgery to Arbitrary File Deletion vulnerability discovered by johska in WordPress Plugin Restrict File Access versions = 1.1.2...

8.1CVSS6.8AI score0.00271EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/07/15 11:20 a.m.12 views

CVE-2025-7667 Restrict File Access <= 1.1.2 - Cross-Site Request Forgery to Arbitrary File Deletion

The Restrict File Access plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the 'restrict-file-access' page. This makes it possible for unauthenticated attackers to to delete arbitra...

8.1CVSS0.00271EPSS
Exploits0References2
CVE
CVE
added 2025/07/15 11:20 a.m.38 views

CVE-2025-7667

CVE-2025-7667 documents confirm a CSRF to Arbitrary File Deletion in the WordPress plugin Restrict File Access (versions up to and including 1.1.2). Root cause: missing/incorrect nonce validation on the restrict-file-access page, enabling unauthenticated attackers to forge requests that delete se...

8.1CVSS7.3AI score0.00271EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/07/15 11:20 a.m.6 views

CVE-2025-7667 Restrict File Access <= 1.1.2 - Cross-Site Request Forgery to Arbitrary File Deletion

The Restrict File Access plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the 'restrict-file-access' page. This makes it possible for unauthenticated attackers to to delete arbitra...

8.1CVSS7.9AI score0.00271EPSS
Exploits0References2
Rows per page
Query Builder