Lucene search
K

6 matches found

redhatcve
redhatcve
added 2025/07/17 12:3 p.m.14 views

CVE-2025-7667

The Restrict File Access plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the 'restrict-file-access' page. This makes it possible for unauthenticated attackers to to delete arbitra...

8.1CVSS8AI score0.00271EPSS
Exploits0References1
nvd
nvd
added 2025/07/15 12:15 p.m.9 views

CVE-2025-7667

The Restrict File Access plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the 'restrict-file-access' page. This makes it possible for unauthenticated attackers to to delete arbitra...

8.1CVSS0.00271EPSS
Exploits0References2
patchstack
patchstack
added 2025/07/15 11:45 a.m.6 views

WordPress Restrict File Access plugin <= 1.1.2 - Cross-Site Request Forgery to Arbitrary File Deletion vulnerability

Cross-Site Request Forgery to Arbitrary File Deletion vulnerability discovered by johska in WordPress Plugin Restrict File Access versions = 1.1.2...

8.1CVSS6.8AI score0.00271EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2025/07/15 11:20 a.m.11 views

CVE-2025-7667 Restrict File Access <= 1.1.2 - Cross-Site Request Forgery to Arbitrary File Deletion

The Restrict File Access plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the 'restrict-file-access' page. This makes it possible for unauthenticated attackers to to delete arbitra...

8.1CVSS0.00271EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/07/15 11:20 a.m.6 views

CVE-2025-7667 Restrict File Access <= 1.1.2 - Cross-Site Request Forgery to Arbitrary File Deletion

The Restrict File Access plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the 'restrict-file-access' page. This makes it possible for unauthenticated attackers to to delete arbitra...

8.1CVSS7.9AI score0.00271EPSS
Exploits0References2
cve
cve
added 2025/07/15 11:20 a.m.36 views

CVE-2025-7667

CVE-2025-7667 documents confirm a CSRF to Arbitrary File Deletion in the WordPress plugin Restrict File Access (versions up to and including 1.1.2). Root cause: missing/incorrect nonce validation on the restrict-file-access page, enabling unauthenticated attackers to forge requests that delete se...

8.1CVSS7.3AI score0.00271EPSS
Exploits0References2
Rows per page
Query Builder