CVE-2025-47708 – Drupal Enterprise MFA – TFA CSRF Vulnerability

May 14, 2025

CVE ID : CVE-2025-47708

Published : May 14, 2025, 5:15 p.m. | 1 hour, 51 minutes ago

Description : Cross-Site Request Forgery (CSRF) vulnerability in Drupal Enterprise MFA – TFA for Drupal allows Cross Site Request Forgery.This issue affects Enterprise MFA – TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-47710 – Drupal Enterprise MFA – TFA Authentication Bypass

Next Article CVE-2025-47707 – Drupal Enterprise MFA – TFA Authentication Bypass

Highlights

CVE-2025-5564 – WordPress GC Social Wall Stored Cross-Site Scripting Vulnerability

June 26, 2025

CVE ID : CVE-2025-5564

Published : June 26, 2025, 2:15 a.m. | 2 hours, 52 minutes ago

Description : The GC Social Wall plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘gc_social_wall’ shortcode in all versions up to, and including, 1.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How AI further empowers value stream management

12 Top ReactJS Development Companies in 2025

Not sure where to go with AI? Here’s your roadmap.

This week in AI dev tools: A2A donated to Linux Foundation, OpenAI adds Deep Research to API, and more (June 27, 2025)

Microsoft’s Copilot+ has been here over a year and I still don’t care about it — but I do wish I had one of its features

SteelSeries’ latest wireless mouse is cheap and colorful — but is this the one to spend your money on?

DistroWatch Weekly, Issue 1128

Your Slack app is getting a big upgrade – here’s how to try the new AI features

How Code Feedback MCP Enhances AI-Generated Code Quality

How Code Feedback MCP Enhances AI-Generated Code Quality

PRSS Site Creator – Create Blogs and Websites from Your Desktop

Say hello to ECMAScript 2025

Microsoft’s Copilot+ has been here over a year and I still don’t care about it — but I do wish I had one of its features

Microsoft’s Copilot+ has been here over a year and I still don’t care about it — but I do wish I had one of its features

SteelSeries’ latest wireless mouse is cheap and colorful — but is this the one to spend your money on?

Microsoft confirms Windows 11 25H2, might make Windows more stable

CVE-2025-47708 – Drupal Enterprise MFA – TFA CSRF Vulnerability

Synology ABM Flaw (CVE-2025-4679) Leaks Global Client Secret, Exposing ALL Microsoft 365 Tenants

D-Link DIR-816 Router Alert: 6 Critical Flaws (CVSS 9.8) Allow Remote Code Execution, NO PATCHES

The Persistence Problem: Why Exposed Credentials Remain Unfixed—and How to Change That

CVE-2025-5778 – “ABC Courier Management System SQL Injection Vulnerability”

‘Easily Exploitable’ Langflow Vulnerability Requires Immediate Patching

CVE-2025-47703 – Drupal COOKiES Consent Management Cross-Site Scripting (XSS)

CVE-2025-5564 – WordPress GC Social Wall Stored Cross-Site Scripting Vulnerability

“There is no lawsuit.” Drug Dealer Simulator lands on Xbox after addressing rumors about suing Schedule I

Clair Obscur: Expedition 33 release date — Launch times and when it comes out in your time zone

DistroWatch Weekly, Issue 1126

CVE-2025-47708 – Drupal Enterprise MFA – TFA CSRF Vulnerability

Related Posts