CVE-2025-24289 – “UCRM Client Signup Plugin CSRF-XSS Vulnerability”

June 29, 2025

CVE ID : CVE-2025-24289

Published : June 29, 2025, 8:15 p.m. | 2 hours, 9 minutes ago

Description : A Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in the UCRM Client Signup Plugin (v1.3.4 and earlier) could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. The plugin is disabled by default.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-24292 – Ubiquiti UniFi Network MAC Address Authentication Bypass Vulnerability

Next Article CVE-2025-24290 – UISP Authenticated SQL Injection Privilege Escalation

How AI further empowers value stream management

12 Top ReactJS Development Companies in 2025

Not sure where to go with AI? Here’s your roadmap.

This week in AI dev tools: A2A donated to Linux Foundation, OpenAI adds Deep Research to API, and more (June 27, 2025)

Microsoft’s Copilot+ has been here over a year and I still don’t care about it — but I do wish I had one of its features

SteelSeries’ latest wireless mouse is cheap and colorful — but is this the one to spend your money on?

DistroWatch Weekly, Issue 1128

Your Slack app is getting a big upgrade – here’s how to try the new AI features

How Code Feedback MCP Enhances AI-Generated Code Quality

How Code Feedback MCP Enhances AI-Generated Code Quality

PRSS Site Creator – Create Blogs and Websites from Your Desktop

Say hello to ECMAScript 2025

Microsoft’s Copilot+ has been here over a year and I still don’t care about it — but I do wish I had one of its features

Microsoft’s Copilot+ has been here over a year and I still don’t care about it — but I do wish I had one of its features

SteelSeries’ latest wireless mouse is cheap and colorful — but is this the one to spend your money on?

Microsoft confirms Windows 11 25H2, might make Windows more stable

CVE-2025-24289 – “UCRM Client Signup Plugin CSRF-XSS Vulnerability”

Synology ABM Flaw (CVE-2025-4679) Leaks Global Client Secret, Exposing ALL Microsoft 365 Tenants

D-Link DIR-816 Router Alert: 6 Critical Flaws (CVSS 9.8) Allow Remote Code Execution, NO PATCHES

CVE-2025-21462 – QNAP QTS Memory Corruption Vulnerability

Four trends reshaping Kubernetes platform engineering

DeepSeek-AI Released DeepSeek-Prover-V2: An Open-Source Large Language Model Designed for Formal Theorem, Proving through Subgoal Decomposition and Reinforcement Learning

Xbox introduces limited Witcher 3 10th anniversary controllers, and they’re available right now

CVE-2025-4252 – PCMan FTP Server Buffer Overflow Vulnerability

Google DeepMind at NeurIPS 2024

CVE-2025-4583 – Smash Balloon Social Photo Feed – Easy Social Feeds Plugin Stored Cross-Site Scripting (XSS)

CVE-2025-4795 – Gongfuxiang SchoolCMS SQL Injection Vulnerability

CVE-2025-24289 – “UCRM Client Signup Plugin CSRF-XSS Vulnerability”

Related Posts