EUVD-2025-19925

Malicious code in bioql PyPI...

CVE-2025-6041

The yContributors plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on the 'yContributors' page. This makes it possible for unauthenticated attackers to update settings and inject...

CVE-2025-6041

CVE-2025-6041 concerns the WordPress plugin yContributors (versions up to and including 0.5). The Wordfence record describes a CSRF flaw on the yContributors page that allows unauthenticated attackers to trigger actions on behalf of an administrator and inject web scripts via forged requests, eff...

CVE-2025-6041 yContributors <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The yContributors plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on the 'yContributors' page. This makes it possible for unauthenticated attackers to update settings and inject...

CVE-2025-6041 yContributors <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The yContributors plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on the 'yContributors' page. This makes it possible for unauthenticated attackers to update settings and inject...

PT-2025-27846 · WordPress · Ycontributors

Name of the Vulnerable Software and Affected Versions: yContributors plugin for WordPress versions up to, and including, 0.5 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the 'yContributors' page. This allows unauthenticated...