CVE-2025-7667 – WordPress Restrict File Access CSRF Vulnerability

July 15, 2025

CVE ID : CVE-2025-7667

Published : July 15, 2025, 12:15 p.m. | 3 hours, 29 minutes ago

Description : The Restrict File Access plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the ‘restrict-file-access’ page. This makes it possible for unauthenticated attackers to to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php), via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-34112 – Riverbed SteelCentral NetProfiler/NetExpress Remote Code Execution

Next Article CVE-2025-3621 – ProTNS ActADUR Remote Code Inclusion and Command Injection

Highlights

CVE-2025-53488 – Wikimedia Foundation Mediawiki WikiHiero Extension Stored XSS

July 7, 2025

CVE ID : CVE-2025-53488

Published : July 7, 2025, 7:15 p.m. | 3 hours, 29 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Wikimedia Foundation Mediawiki – WikiHiero Extension allows Stored XSS.This issue affects Mediawiki – WikiHiero Extension: from 1.43.X before 1.43.2.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Tiny Screens, Big Impact: The Forgotten Art Of Developing Web Apps For Feature Phones

Kong AI Gateway 3.11 introduces new method for reducing token costs

Native vs hybrid vs cross-platform: Resolving the trilemma

JetBrains updates Junie, Gemini API adds embedding model, and more – Daily News Digest

My favorite Bose products are on sale plus an extra 25% discount – if you buy refurbished

Microsoft saved $500 million using AI — after slashing over 15,000 jobs in 2025

Obsidian’s Xbox RPG Avowed gets another update bringing bug fixes and these new abilities — and it’s now Steam Deck Verified

Half of Windows PCs are still yet to upgrade to Windows 11 — and are running out of time, says study

The details of TC39’s last meeting

The details of TC39’s last meeting

Vector Search Embeddings and RAG

Python Meets Power Automate: Trigger via URL

Ubuntu 25.10 Fixes the Dock’s Inconsistent Radii

Ubuntu 25.10 Fixes the Dock’s Inconsistent Radii

Microsoft saved $500 million using AI — after slashing over 15,000 jobs in 2025

Obsidian’s Xbox RPG Avowed gets another update bringing bug fixes and these new abilities — and it’s now Steam Deck Verified

CVE-2025-7667 – WordPress Restrict File Access CSRF Vulnerability

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

The Secret to Effective UX Workshops

CVE-2025-53852 – Apache HTTP Server Remote Code Execution

How To Enable Google AI Mode in India

Microsoft pushes emergency Windows 11 update to fix game crash bug tied to anti-cheat software

CVE-2025-53488 – Wikimedia Foundation Mediawiki WikiHiero Extension Stored XSS

Where to buy NVIDIA RTX 5060 Ti: Launch day stock alerts for the new desktop GPU

The most competent robot vacuum I tested last year just got a major upgrade

CVE-2025-40628 – DomainsPRO SQL Injection

CVE-2025-7667 – WordPress Restrict File Access CSRF Vulnerability

Related Posts