2 matches found
CVE-2025-1320 teachPress <= 9.0.9 - Cross-Site Request Forgery to Import Delete
The teachPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.0.9. This is due to missing or incorrect nonce validation on the import.php page. This makes it possible for unauthenticated attackers to delete imports via a forged request...
PT-2025-12767 · WordPress · Teachpress
Name of the Vulnerable Software and Affected Versions: teachPress plugin for WordPress versions up to, and including, 9.0.9 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the "import.php" page. This allows unauthenticated attackers ...