4 matches found
CVE-2025-2163
The Zoorum Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the zoorumsetoptions function. This makes it possible for unauthenticated attackers to update settings and inject...
CVE-2025-2163
The Zoorum Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the zoorumsetoptions function. This makes it possible for unauthenticated attackers to update settings and inject...
CVE-2025-2163
CVE-2025-2163 refers to a CSRF to Stored XSS vulnerability in the Zoorum Comments WordPress plugin (versions up to and including 0.9). The issue arises from missing or incorrect nonce validation in zoorum_set_options(), enabling unauthenticated attackers to update plugin settings and inject scrip...
CVE-2025-2163 Zoorum Comments <= 0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Zoorum Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the zoorumsetoptions function. This makes it possible for unauthenticated attackers to update settings and inject...