6 matches found
CVE-2025-7667
The Restrict File Access plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the 'restrict-file-access' page. This makes it possible for unauthenticated attackers to to delete arbitra...
CVE-2025-7667
The Restrict File Access plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the 'restrict-file-access' page. This makes it possible for unauthenticated attackers to to delete arbitra...
WordPress Restrict File Access plugin <= 1.1.2 - Cross-Site Request Forgery to Arbitrary File Deletion vulnerability
Cross-Site Request Forgery to Arbitrary File Deletion vulnerability discovered by johska in WordPress Plugin Restrict File Access versions = 1.1.2...
CVE-2025-7667 Restrict File Access <= 1.1.2 - Cross-Site Request Forgery to Arbitrary File Deletion
The Restrict File Access plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the 'restrict-file-access' page. This makes it possible for unauthenticated attackers to to delete arbitra...
CVE-2025-7667 Restrict File Access <= 1.1.2 - Cross-Site Request Forgery to Arbitrary File Deletion
The Restrict File Access plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the 'restrict-file-access' page. This makes it possible for unauthenticated attackers to to delete arbitra...
CVE-2025-7667
CVE-2025-7667 documents confirm a CSRF to Arbitrary File Deletion in the WordPress plugin Restrict File Access (versions up to and including 1.1.2). Root cause: missing/incorrect nonce validation on the restrict-file-access page, enabling unauthenticated attackers to forge requests that delete se...