CVE-2025-6459 – Ads Pro Plugin – WordPress Cross-Site Request Forgery (CSRF) Vulnerability

July 2, 2025

CVE ID : CVE-2025-6459

Published : July 2, 2025, 4:15 a.m. | 5 hours, 26 minutes ago

Description : The Ads Pro Plugin – Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.89. This is due to missing or incorrect nonce validation on the bsaCreateAdTemplate function. This makes it possible for unauthenticated attackers to inject and execute arbitrary PHP code via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6686 – Elementor Magic Buttons Stored Cross-Site Scripting Vulnerability

Next Article CVE-2025-6437 – WordPress Ads Pro Plugin SQL Injection Vulnerability

Highlights

CVE-2025-48865 – Fabio HTTP Hop-by-Hop Header Manipulation Vulnerability

May 30, 2025

CVE ID : CVE-2025-48865

Published : May 30, 2025, 7:15 a.m. | 2 hours, 21 minutes ago

Description : Fabio is an HTTP(S) and TCP router for deploying applications managed by consul. Prior to version 1.6.6, Fabio allows clients to remove X-Forwarded headers (except X-Forwarded-For) due to a vulnerability in how it processes hop-by-hop headers. Fabio adds HTTP headers like X-Forwarded-Host and X-Forwarded-Port when routing requests to backend applications. Since the receiving application should trust these headers, allowing HTTP clients to remove or modify them creates potential security vulnerabilities. Some of these custom headers can be removed and, in certain cases, manipulated. The attack relies on the behavior that headers can be defined as hop-by-hop via the HTTP Connection header. This issue has been patched in version 1.6.6.

Severity: 9.1 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Psychology Of Color In UX Design And Digital Products

This week in AI dev tools: Claude Sonnet 4’s larger context window, ChatGPT updates, and more (August 15, 2025)

Sentry launches MCP monitoring tool

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

Your smart home device just got a performance and security boost for free

Ultrahuman brings advanced cycle and ovulation tracking to its smart ring

DistroWatch Weekly, Issue 1135

14 secret phone codes that unlock hidden features on your Android and iPhone

Air Quality Prediction System using Python ML

Air Quality Prediction System using Python ML

AI’s Hidden Thirst: The Water Behind Tech

Minesweeper game in 100 lines of pure JavaScript – easy tutorial

DistroWatch Weekly, Issue 1135

DistroWatch Weekly, Issue 1135

Ubuntu’s New “Dangerous” Daily Builds – What Are They?

gofmt – formats Go programs

CVE-2025-6459 – Ads Pro Plugin – WordPress Cross-Site Request Forgery (CSRF) Vulnerability

CVE-2025-9090 – Tenda Telnet Service Command Injection

CVE-2025-9091 – Tenda AC20 Hard-Coded Credentials Vulnerability

This comfy mesh office chair I’ve been testing costs less than $400 — but there’s a worthy alternative that’s far more affordable

Ransomware Response Improves Even as Preparation Lags

CVE-2025-30667 – Zoom Workplace Apps for Windows Denial of Service

6 Best Free and Open Source Graphical Audio Grabbers

CVE-2025-48865 – Fabio HTTP Hop-by-Hop Header Manipulation Vulnerability

Flowtly- All in one business management system. Ready for AI agents.

OpenWrt – Linux distribution targeting embedded devices

Raspberry Pi 5 Desktop Mini PC: Script to use a ZRAM swapdrive

CVE-2025-6459 – Ads Pro Plugin – WordPress Cross-Site Request Forgery (CSRF) Vulnerability

Related Posts