2 matches found
CVE-2025-3452
CVE-2025-3452 concerns the WordPress plugin SecuPress Free (versions up to and including 2.3.9). A missing capability check in the secupress_reinstall_plugins_admin_ajax_cb function allows authenticated attackers with Subscriber-level access and above to install arbitrary plugins, enabling unauth...
CVE-2024-1504
The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5.1. This is due to missing or incorrect nonce validation on the secupressblackholebanip function. This makes it possible for unauthenticated attacker...