CVE-2025-52780 is a CSRF vulnerability in Mohammad Parsa Logo Manager For Samandehi (versions through 0.5) that enables Stored XSS attacks, allowing unauthenticated attackers to perform unauthorized actions and inject malicious scripts affecting other users. The vulnerability has a CVSS score of 7.1 (High) and exploits weak CSRF protections in an admin/management plugin, with the attack requiring user interaction (UI:R) but affecting multiple users via stored payload persistence.
CVE-2025-52772 is a CSRF vulnerability in Adnan Haque's Virtual Moderator plugin (versions through 1.4) that enables Cross-Site Scripting (XSS) attacks. An unauthenticated attacker can exploit this via a malicious webpage to perform unauthorized actions and inject malicious scripts, potentially compromising user sessions and data. With a CVSS score of 7.1 and network-accessible attack vector requiring only user interaction, this vulnerability poses a moderate-to-significant risk to affected installations, though exploitation requires social engineering to trick users into visiting attacker-controlled sites.
CVE-2025-52795 is a Cross-Site Request Forgery (CSRF) vulnerability in the aharonyan WP Front User Submit / Front Editor WordPress plugin (versions up to 4.9.4) that allows unauthenticated attackers to perform unauthorized actions on behalf of authenticated users. The vulnerability has a CVSS score of 7.1 with high availability impact, enabling attackers to modify or delete user-submitted content through malicious web requests without user consent.