5 matches found
CVE-2025-9885
The MPWizard – Create Mercado Pago Payment Links plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation in the '/includes/admin/class-mpwizard-table.php' file. This makes it possible for...
EUVD-2025-32282
The MPWizard – Create Mercado Pago Payment Links plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation in the '/includes/admin/class-mpwizard-table.php' file. This makes it possible for...
CVE-2025-9885
The CVE-2025-9885 entry concerns the MPWizard – Create Mercado Pago Payment Links plugin for WordPress. Wordfence notes a CSRF vulnerability in all versions up to and including 1.2.1 due to missing/incorrect nonce validation in includes/admin/class-mpwizard-table.php, enabling unauthenticated att...
CVE-2025-9885 MPWizard – Create Mercado Pago Payment Links <= 1.2.1 - Cross-Site Request Forgery to Arbitrary Post Deletion
The MPWizard – Create Mercado Pago Payment Links plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation in the '/includes/admin/class-mpwizard-table.php' file. This makes it possible for...
WordPress MPWizard plugin <= 1.2.1 - Cross-Site Request Forgery to Arbitrary Post Deletion vulnerability
Cross-Site Request Forgery to Arbitrary Post Deletion vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin MPWizard versions = 1.2.1...