CVE-2025-3870 – “1 Decembrie 1918 WordPress CSRF”

April 25, 2025

CVE ID : CVE-2025-3870

Published : April 25, 2025, 9:15 a.m. | 2 hours, 32 minutes ago

Description : The 1 Decembrie 1918 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.dec.2012. This is due to missing or incorrect nonce validation on the 1-decembrie-1918/1-decembrie-1918.php page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-1279 – “WordPress BM Content Builder Unauthenticated Privilege Escalation”

Next Article CVE-2025-46535 – AlphaEfficiencyTeam Custom Login and Registration Missing Authorization Vulnerability

From Data To Decisions: UX Strategies For Real-Time Dashboards

Honeycomb launches AI observability suite for developers

Low-Code vs No-Code Platforms for Node.js: What CTOs Must Know Before Investing

ServiceNow unveils Zurich AI platform

Building personal apps with open source and AI

What Can We Actually Do With corner-shape?

Craft, Clarity, and Care: The Story and Work of Mengchu Yao

Distribution Release: Q4OS 6.1

Optimizely Mission Control – Part III

Optimizely Mission Control – Part III

Learning from PHP Log to File Example

Online EMI Calculator using PHP – Calculate Loan EMI, Interest, and Amortization Schedule

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

Dmitry — The Deep Magic

Right way to record and share our Terminal sessions

CVE-2025-3870 – “1 Decembrie 1918 WordPress CSRF”

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-6141 – GNU Ncurses Stack-Based Buffer Overflow Vulnerability

Meet SmallThinker: A Family of Efficient Large Language Models LLMs Natively Trained for Local Deployment

Monster Hunter Wilds disappointed me, so I returned to Monster Hunter Rise now that it’s cheaper than $11 — You only have a few hours left until this steal of a deal goes away, so get hunting!

With Helldivers 2 coming to Xbox — here are 7 games I’d love to see PlayStation bring to Microsoft’splatform

direnv unclutters your .profile

CVE-2025-8017 – Tenda AC7 HTTPd Stack-Based Buffer Overflow Vulnerability

Chinese Hackers Abuse IPv6 SLAAC for AitM Attacks via Spellbinder Lateral Movement Tool

CVE-2025-47757 – Adobe VSFT Out-of-Bounds Read Vulnerability

CVE-2025-3870 – “1 Decembrie 1918 WordPress CSRF”

Related Posts