CVE-2021-25073

CVE-2021-25073 affects the WP125 WordPress plugin prior to version 1.5.5. The root cause is missing CSRF checks in multiple actions (e.g., deleting an ad), which enables an attacker to induce a logged-in administrator to perform unwanted deletions via CSRF. Documents describe an exploitation path...

CVE-2013-2700

Vulnerability: CSRF in WP125 WordPress plugin (Add/Edit page adminmenus.php) affecting versions before 1.5.0. Attackers could hijack admin sessions to add/edit ads via unspecified vectors. Impact: unauthorized actions on admin-privileged functionality. Remediation: upgrade the WP125 plugin to ver...