Skip to main content
CVE-2025-64237 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Graham Quick Interest Slider quick-interest-slider allows Cross Site Request Forgery.This issue affects Quick Interest Slider: from n/a through <= 3.1.5.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-13794 MEDIUM This Month

Authenticated attackers with Contributor-level access or above can delete or generate featured images on posts they do not own in the Auto Featured Image (Auto Post Thumbnail) WordPress plugin through version 4.2.1, due to a missing capability check in the bulk_action_generate_handler function. The vulnerability requires user authentication and has a CVSS score of 4.3; no public exploit code or active exploitation has been confirmed at the time of analysis.

Authentication Bypass WordPress
NVD
CVSS 3.1
4.3
EPSS
0.0%

Insertion of Sensitive Information Into Sent Data vulnerability in Nitesh Ultimate Auction ultimate-auction allows Retrieve Embedded Sensitive Data.This issue affects Ultimate Auction : from n/a through <= 4.3.3.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy