4 matches found
CVE-2025-9617 Publish approval <= 1.1 - Cross-Site Request Forgery
The Publish approval plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the publishsaveoption function. This makes it possible for unauthenticated attackers to modify plugin settings v...
CVE-2025-9617 Publish approval <= 1.1 - Cross-Site Request Forgery
The Publish approval plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the publishsaveoption function. This makes it possible for unauthenticated attackers to modify plugin settings v...
CVE-2025-9617
CVE-2025-9617: The WordPress Publish approval plugin is affected by Cross-Site Request Forgery in all versions up to 1.1 due to missing/incorrect nonce validation in publish_save_option. This permits unauthenticated attackers to alter plugin settings via forged requests if a site admin is tricked...
PT-2025-37144
The Publish approval plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the publish save option function. This makes it possible for unauthenticated attackers to modify plugin settings...