3 matches found
CVE-2025-6063 XiSearch bar <= 2.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The XiSearch bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6. This is due to missing or incorrect nonce validation on the 'xisearch-key-config' page. This makes it possible for unauthenticated attackers to update settings and inject...
CVE-2025-6063
The CVE CVE-2025-6063 affects the XiSearch bar WordPress plugin (versions up to and including 2.6). The root cause is missing/incorrect nonce validation on the xisearch-key-config page, enabling Cross-Site Request Forgery. This allows unauthenticated attackers to update plugin settings and inject...
CVE-2025-6063 XiSearch bar <= 2.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The XiSearch bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6. This is due to missing or incorrect nonce validation on the 'xisearch-key-config' page. This makes it possible for unauthenticated attackers to update settings and inject...