9 matches found
EUVD-2025-28695
Malicious code in bioql PyPI...
CVE-2025-5932
The Homerunner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.30. This is due to missing or incorrect nonce validation on the mainsettings function. This makes it possible for unauthenticated attackers to update plugin settings via a...
CVE-2025-5932
The Homerunner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.29. This is due to missing or incorrect nonce validation on the mainsettings function. This makes it possible for unauthenticated attackers to update plugin settings via a...
CVE-2025-5932
CVE-2025-5932 (Homerunner WordPress plugin) affects Homerunner (WordPress) up to version 1.0.29. Root cause: missing or incorrect nonce validation on main_settings(), enabling unauthenticated CSRF to update plugin settings via forged requests. Impact: can alter settings if an admin clicks a link....
CVE-2025-5932 Homerunner <= 1.0.30 - Cross-Site Request Forgery to Settings Update
The Homerunner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.30. This is due to missing or incorrect nonce validation on the mainsettings function. This makes it possible for unauthenticated attackers to update plugin settings via a...
CVE-2025-5932 Homerunner <= 1.0.30 - Cross-Site Request Forgery to Settings Update
The Homerunner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.30. This is due to missing or incorrect nonce validation on the mainsettings function. This makes it possible for unauthenticated attackers to update plugin settings via a...
WordPress Homerunner plugin <= 1.0.30 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Homerunner versions = 1.0.30...
WordPress plugin Homerunner 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site reques...
PT-2025-26929 · WordPress · Homerunner
Name of the Vulnerable Software and Affected Versions: Homerunner plugin for WordPress versions prior to 1.0.30 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the main settings function. This allows unauthenticated attackers to upda...