CVE-2025-49351

CVE-2025-49351 is a CSRF vulnerability in the WordPress plugin Create Posts & Terms (plugin slug: create-posts-terms), affecting versions up to and including 1.3.1. The connected documents specify that the flaw allows Cross-Site Request Forgery which can lead to Stored XSS. Root cause and exact v...

WordPress I Order Terms plugin cross-site request forgery vulnerability

WordPress I Order Terms plugin is a plugin that adds sorting or ordering functionality to WordPress taxonomies such as taxonomies, tags, and custom taxonomies. The WordPress I Order Terms plugin suffers from a cross-site request forgery vulnerability that stems from a web application that does no...

WordPress plugin I Order Terms 安全漏洞

WordPress I Order Terms plugin is a plugin that adds sorting or ordering functionality to WordPress taxonomies such as taxonomies, tags, and custom taxonomies. The WordPress I Order Terms plugin suffers from a cross-site request forgery vulnerability that stems from a web application that does no...

WordPress Terms descriptions Plugin <= 3.4.4 is vulnerable to Cross Site Scripting (XSS)

Software Terms descriptions Type Plugin Vulnerable versions = 3.4.4 Fixed in 3.4.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28779 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2f42703e921f Credits Kindaichi Hiro...