9 matches found
CVE-2025-9213
The TextBuilder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 1.0.0 to 1.1.1. This is due to missing or incorrect nonce validation on the 'handleToken' function. This makes it possible for unauthenticated attackers to update a user's authorization token via a forged...
WordPress TextBuilder plugin 1.0.0-1.1.1 - Cross-Site Request Forgery to Privilege Escalation via Account Takeover vulnerability
Cross-Site Request Forgery to Privilege Escalation via Account Takeover vulnerability discovered by kr0d in WordPress Plugin TextBuilder versions 1.0.0-1.1.1...
EUVD-2025-32289
Malicious code in bioql PyPI...
CVE-2025-9213
The TextBuilder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 1.0.0 to 1.1.1. This is due to missing or incorrect nonce validation on the 'handleToken' function. This makes it possible for unauthenticated attackers to update a user's authorization token via a forged...
CVE-2025-9213 TextBuilder 1.0.0 - 1.1.1 - Cross-Site Request Forgery to Privilege Escalation via Account Takeover
The TextBuilder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 1.0.0 to 1.1.1. This is due to missing or incorrect nonce validation on the 'handleToken' function. This makes it possible for unauthenticated attackers to update a user's authorization token via a forged...
CVE-2025-9213 TextBuilder 1.0.0 - 1.1.1 - Cross-Site Request Forgery to Privilege Escalation via Account Takeover
The TextBuilder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 1.0.0 to 1.1.1. This is due to missing or incorrect nonce validation on the 'handleToken' function. This makes it possible for unauthenticated attackers to update a user's authorization token via a forged...
CVE-2025-9213
CVE-2025-9213 – TextBuilder (WordPress) CSRF to Privilege Escalation . TextBuilder plugin versions 1.0.0–1.1.1 are vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in the handleToken function. An unauthenticated attacker could trick a site administrator into perf...
WordPress plugin TextBuilder 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...
Options structure open to Cross-site Scripting if passed unfiltered
Impact In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user's browser. Especially when using the useHTML flag, HTML string options would be...