VulnerAlert



WORDPRESS
06-06-2025 04:20

CVE-2025-2935 Documented vulnerability

No score
Tags
#wordpress
#site
#plugin
#cross
#php
#lte
#list
#form
#cross-site
#admin
#attackers
#authenticated
#vulnerable
#protect
#attack
Description
The Anti-Spam: Spam Protection | Block Users, Comments, Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2024.7. This is due to missing or incorrect nonce validation in the 'ss_option_maint.php' and 'ss_user_filter_list' files. This makes it possible for unauthenticated attackers to delete pending comments and re-enable a previously blocked user via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
https://plugins.trac.wordpress.org/browser/stop-spammer-registrations-plugin/trunk/settings/ss_option_maint.php#L73
https://plugins.trac.wordpress.org/browser/stop-spammer-registrations-plugin/trunk/settings/ss_user_filter_list.php#L239
https://plugins.trac.wordpress.org/browser/stop-spammer-registrations-plugin/trunk/settings/ss_user_filter_list.php#L447
https://www.wordfence.com/threat-intel/vulnerabilities/id/aefb192a-ed42-44a9-bbd1-5906909a419c?source=cve
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-2935
This project was co-funded by the Consejo Nacional de Ciencia y Tecnología (CONACYT) through PROINNOVA 2021/2023