CVE-2025-4199 – Abundatrade Plugin for WordPress CSRF Vulnerability

May 3, 2025

CVE ID : CVE-2025-4199

Published : May 3, 2025, 3:15 a.m. | 2 hours, 15 minutes ago

Description : The Abundatrade Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.02. This is due to missing or incorrect nonce validation on the ‘abundatrade’ page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleUnderstanding transaction visibility in PostgreSQL clusters with read replicas

Next Article CVE-2025-4222 – WordPress Database Toolset Sensitive Information Exposure

Highlights

CVE-2025-6778 – Food Distributor Site Cross-Site Scripting Vulnerability

June 27, 2025

CVE ID : CVE-2025-6778

Published : June 27, 2025, 9:15 p.m. | 1 hour, 2 minutes ago

Description : A vulnerability, which was classified as problematic, was found in code-projects Food Distributor Site 1.0. Affected is an unknown function of the file /admin/save_settings.php. The manipulation of the argument site_phone/site_email/address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 2.4 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

React.js for SaaS Platforms: How Top Development Teams Help Startups Launch Faster

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

Is Agile dead in the age of AI?

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

Unplugging these 7 common household devices helped reduce my electricity bills

DistroWatch Weekly, Issue 1133

Anthropic beats OpenAI as the top LLM provider for business – and it’s not even close

I bought Samsung’s Galaxy Watch Ultra 2025 – here’s why I have buyer’s remorse

The details of TC39’s last meeting

The details of TC39’s last meeting

Enhancing Laravel Queries with Reusable Scope Patterns

Everything We Know About Livewire 4

DistroWatch Weekly, Issue 1133

DistroWatch Weekly, Issue 1133

Newelle, a ‘Virtual Assistant’ for GNOME, Hits Version 1.0

Bustle – visualize D-Bus activity

CVE-2025-4199 – Abundatrade Plugin for WordPress CSRF Vulnerability

CVE-2025-6754 – “WordPress SEO Metrics Privilege Escalation”

CVE-2025-7710 – “Brave Conversion Engine WordPress Facebook Authentication Bypass”

Uber finally launches feature to prioritize women’s safety

CVE-2025-30929 – Amazon Web Services (AWS) fluXtore Authorization Bypass

Google May Lose Chrome, And OpenAI’s First in Line to Grab It

Microsoft Brings TITAN Intelligence System to Security Copilot Guided Response

CVE-2025-6778 – Food Distributor Site Cross-Site Scripting Vulnerability

12 Best Free and Open Source Linux Business Intelligence Software

JetBrains open sources its code completion LLM, Mellum

CVE-2025-49282 – Unfoldwp Magze PHP Remote File Inclusion

CVE-2025-4199 – Abundatrade Plugin for WordPress CSRF Vulnerability

Related Posts