CVE-2025-6055 – “Zen Sticky Social WordPress CSRF”

June 14, 2025

CVE ID : CVE-2025-6055

Published : June 14, 2025, 9:15 a.m. | 4 hours, 56 minutes ago

Description : The Zen Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3. This is due to missing or incorrect nonce validation on the ‘zen-social-sticky/zen-sticky-social.php’ page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6063 – XiSearch WordPress CSRF

Next Article CVE-2025-6061 – YouTube Video for WordPress Stored Cross-Site Scripting Vulnerability

Newest LF Decentralized Trust Lab HOPrS identifies if photos have been altered

Coder reimagines development environments to make them more ideal for AI agents

Report: AI coding productivity gains cancelled out by other friction points that slow developers down

15 Proven Benefits of Outsourcing Node.js Development for Large Organizations

How passkeys work: Do your favorite sites even support passkeys?

Samsung Galaxy Z Fold 7 vs. Z Fold 6: I tried both phones, and the difference is dramatic

Cor, blimey! The ASUS ROG Ally drops to its lowest-ever price for Amazon Prime Day in the UK — the only Windows handheld to permanently replace my Steam Deck

Owlcat Games talks to us about about WH40K: Rogue Trader, the next game ‘Dark Heresy’ — and how the studio feels about working with Xbox Game Pass

Cally – Small, feature-rich calendar components

Cally – Small, feature-rich calendar components

Working with the Command Line and WP-CLI

Access to Care Is Evolving: What Consumer Insights and Behavior Models Reveal

Cor, blimey! The ASUS ROG Ally drops to its lowest-ever price for Amazon Prime Day in the UK — the only Windows handheld to permanently replace my Steam Deck

Cor, blimey! The ASUS ROG Ally drops to its lowest-ever price for Amazon Prime Day in the UK — the only Windows handheld to permanently replace my Steam Deck

Owlcat Games talks to us about about WH40K: Rogue Trader, the next game ‘Dark Heresy’ — and how the studio feels about working with Xbox Game Pass

Microsoft says ‘we have threads at home’ — rolls out feature Slack has had for years

CVE-2025-6055 – “Zen Sticky Social WordPress CSRF”

CVE-2025-3497 – Radiflow iSAP Smart Collector EOL Vulnerability

CVE-2025-3498 – Radiflow iSAP Smart Collector Unauthenticated Remote Command Execution and Configuration Modification

CVE-2025-47678 – FunnelCockpit Cross-site Scripting

CVE-2025-22886 – Apache OpenHarmony Memory Leak Denial of Service

Accelerate threat modeling with generative AI

Zyxel Devices Hit by Active Exploits Targeting CVE-2023-28771 Vulnerability

FaFa Runner is a RPG game with a seamless gaming experience

Tauon Music Player Adds Slick Transparency Mode for Linux

Rilasciato Calibre 8.3: Migliorata la Velocità di Apertura degli EPUB e Nuove Opzioni di Personalizzazione

The Movie Speeds Past $300M—Apple’s First True Box Office Breakthrough

CVE-2025-6055 – “Zen Sticky Social WordPress CSRF”

Related Posts