exploitDog

CVE-2025-1320

Опубликовано: 25 мар. 2025

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

The teachPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.0.9. This is due to missing or incorrect nonce validation on the import.php page. This makes it possible for unauthenticated attackers to delete imports via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Ссылки

https://wordpress.org/plugins/teachpress/
Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/b677ad8b-4f01-4147-bcf6-ae769046be48?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mtrv:teachpress:*:*:*:*:*:wordpress:*:*

Версия до 9.0.10 (исключая)

EPSS

Процентиль: 8%

0.0003

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-f7jq-jj4v-g9m5

CVSS3: 4.3

github

11 месяцев назад

The teachPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.0.9. This is due to missing or incorrect nonce validation on the import.php page. This makes it possible for unauthenticated attackers to delete imports via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

EPSS

Процентиль: 8%

0.0003

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-352