2 matches found
CVE-2025-14390 Video Merchant <= 5.0.4 - Cross-Site Request Forgery to Arbitrary File Upload
The Video Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in version = 5.0.4. This is due to missing or incorrect nonce validation on the videomerchantaddvideofile function. This makes it possible for unauthenticated attackers to upload arbitrary files that make remote...
CVE-2025-14390
Summary: The WordPress Video Merchant plugin (versions