Skip to main content
CVE-2025-10302 MEDIUM This Month

The Ultimate Viral Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on thesave_options() function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CSRF WordPress PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-9630 MEDIUM This Month

The WP SinoType plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the sinotype_config function. This makes it possible for unauthenticated attackers to modify typography settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CSRF WordPress PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-8669 MEDIUM This Month

The Customify theme for WordPress is vulnerable to Cross-Site Request Forgery in version 0.4.11. This is due to missing or incorrect nonce validation on the reset_customize_section function. This makes it possible for unauthenticated attackers to reset theme customization settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CSRF WordPress
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-0876 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Isin Basi Advertisement Information Technologies Trade Inc.

XSS
NVD VulDB
CVSS 3.1
4.1
EPSS
0.0%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy