CVE-2025-3870 – “1 Decembrie 1918 WordPress CSRF”

April 25, 2025

CVE ID : CVE-2025-3870

Published : April 25, 2025, 9:15 a.m. | 2 hours, 32 minutes ago

Description : The 1 Decembrie 1918 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.dec.2012. This is due to missing or incorrect nonce validation on the 1-decembrie-1918/1-decembrie-1918.php page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-1279 – “WordPress BM Content Builder Unauthenticated Privilege Escalation”

Next Article CVE-2025-46535 – AlphaEfficiencyTeam Custom Login and Registration Missing Authorization Vulnerability

How To Prevent WordPress SQL Injection Attacks

Java never goes out of style: Celebrating 30 years of the language

OpenAI o3-pro available in the API, BrowserStack adds Playwright support for real iOS devices, and more – Daily News Digest

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

Minecraft Vibrant Visuals finally has a release date and it’s dropping with the Happy Ghasts

QAQ-QQ-AI-QUEST

QAQ-QQ-AI-QUEST

JS Dark Arts: Abusing prototypes and the Result type

Helpful Git Aliases To Maximize Developer Productivity

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

CVE-2025-3870 – “1 Decembrie 1918 WordPress CSRF”

Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

More From Our Main Blog: The Good, the Bad and the Ugly in Cybersecurity – Week 24

CVE-2023-53138 – Cisco CAIF Use-After-Free Vulnerability

Craft CMS Zero-Day CVE-2025-32432 Exploited with Metasploit Module Now Public

50 Cent Free Diddy Shirt

Volet is a Customer Feedback Widget for Laravel

Distillation Scaling Laws

CVE-2025-43716 – Ivanti LANDesk Management Gateway Directory Traversal Vulnerability

This tiny Bluetooth dongle gave me the ultimate in-flight movie experience

CVE-2025-4307 – PHPGurukul Art Gallery Management System SQL Injection Vulnerability

CVE-2025-3870 – “1 Decembrie 1918 WordPress CSRF”

Related Posts