CVE-2025-4198 – Alink Tap Plugin for WordPress Cross-Site Request Forgery (CSRF) Vulnerability

May 3, 2025

CVE ID : CVE-2025-4198

Published : May 3, 2025, 3:15 a.m. | 2 hours, 15 minutes ago

Description : The Alink Tap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the ‘alink-tap’ page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4222 – WordPress Database Toolset Sensitive Information Exposure

Next Article CVE-2025-4188 – WordPress Advanced Reorder Image Text Slider CSRF

Modernizing your approach to governance, risk and compliance

ScyllaDB X Cloud’s autoscaling capabilities meet the needs of unpredictable workloads in real time

Parasoft C/C++test 2025.1, Secure Code Warrior AI Security Rules, and more – Daily News Digest

What I Wish Someone Told Me When I Was Getting Into ARIA

Hades 2 gets another major update bringing new art, godly powers, and romance as Supergiant gets ready for the game’s full release

Sam Altman says OpenAI could need a “significant fraction” of the Earth’s power for future artificial intelligence computing

Microsoft’s Windows 95 testing phase was so intense that it crashed cash registers with over $10,000 worth of software

The biggest rival for Microsoft’s Xbox Ally is Valve’s Steam Deck, not Switch 2, so stop comparing the wrong gaming handhelds

Microsoft Copilot for Power Platform

Microsoft Copilot for Power Platform

Integrate Coveo Atomic CLI-Based Hosted Search Page into Adobe Experience Manager (AEM)

Mastering TypeScript: Your Ultimate Guide to Types, Inference & Compatibility

Hades 2 gets another major update bringing new art, godly powers, and romance as Supergiant gets ready for the game’s full release

Hades 2 gets another major update bringing new art, godly powers, and romance as Supergiant gets ready for the game’s full release

Sam Altman says OpenAI could need a “significant fraction” of the Earth’s power for future artificial intelligence computing

Microsoft’s Windows 95 testing phase was so intense that it crashed cash registers with over $10,000 worth of software

CVE-2025-4198 – Alink Tap Plugin for WordPress Cross-Site Request Forgery (CSRF) Vulnerability

CISA Flags CVE-2023-0386 as Actively Exploited Linux Kernel Privilege Escalation Threat

Cyberagentschap VS meldt actief misbruik van lek in Linux-kernel

Q&A: The skills developers need in an era of AI development

CVE-2025-48146 – LupsOnline SEO Flow CSRF Stored XSS

Genie 2: A large-scale foundation world model

CVE-2025-32105 – Sangoma IMG2020 HTTP Server Remote Code Execution Buffer Overflow Vulnerability

Free HR Software for Small Businesses in 2025

CVE-2025-49155 – Trend Micro Apex One Uncontrolled Search Path Vulnerability (Arbitrary Code Execution)

How to Build Custom Distributions from Scratch

CVE-2025-32466 – RSMediaGallery Joomla SQL Injection Vulnerability

CVE-2025-4198 – Alink Tap Plugin for WordPress Cross-Site Request Forgery (CSRF) Vulnerability

Related Posts