CVE-2025-0865

The WP Media Category Management plugin for WordPress (WP-MCM) versions 2.0–2.3.3 are affected by a Cross‑Site Request Forgery (CSRF) vulnerability due to missing/incorrect nonce validation in wp_mcm_handle_action_settings(). This could allow unauthenticated attackers to alter the plugin settings...