2 matches found
CVE-2025-9887
The Custom Login And Signup Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation in the /frndzkadminclsw.php file. This makes it possible for unauthenticated attackers to change the...
WordPress Custom Login And Signup Widget plugin <= 1.0 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by sk4r1 in WordPress Plugin Custom Login And Signup Widget versions = 1.0...