CVE-2025-8505 – wx-shop Cross-Site Request Forgery (CSRF) Vulnerability

August 3, 2025

CVE ID : CVE-2025-8505

Published : Aug. 3, 2025, 8:15 a.m. | 15 hours, 22 minutes ago

Description : A vulnerability has been found in 495300897 wx-shop up to de1b66331368695779cfc6e4d11a64caddf8716e and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-8506 – wx-shop Cross-Site Scripting Vulnerability

Next Article CVE-2025-8504 – “Code-Projects Kitchen Treasure File Upload Vulnerability”

Highlights

CVE-2025-52968 – xdg-utils CSRF Vulnerability

June 23, 2025

CVE ID : CVE-2025-52968

Published : June 23, 2025, 3:15 p.m. | 3 hours, 9 minutes ago

Description : xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. (For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange for an empty cookie store, although this would add substantial complexity, and would not be considered a desirable or expected behavior by all users.) NOTE: this is disputed because integrations of xdg-open typically do not provide information about whether the xdg-open command and arguments were manually entered by a user, or whether they were the result of a navigation from content in an untrusted origin.

Severity: 2.7 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: An Echo In Here in here

How To Minimize The Environmental Impact Of Your Website

Progress adds AI coding assistance to Telerik and Kendo UI libraries

Wasm 3.0 standard is now officially complete

Development Release: Ubuntu 25.10 Beta

Development Release: Linux Mint 7 Beta “LMDE”

Distribution Release: Tails 7.0

Distribution Release: Security Onion 2.4.180

GenStudio for Performance Marketing: What’s New and What We’ve Learned

GenStudio for Performance Marketing: What’s New and What We’ve Learned

Agentic and Generative Commerce Can Elevate CX in B2B

AI Momentum and Perficient’s Inclusion in Analyst Reports – Highlights From 2025 So Far

Denmark’s Strategic Leap Replacing Microsoft Office 365 with LibreOffice for Digital Independence

Denmark’s Strategic Leap Replacing Microsoft Office 365 with LibreOffice for Digital Independence

Development Release: Ubuntu 25.10 Beta

Development Release: Linux Mint 7 Beta “LMDE”

CVE-2025-8505 – wx-shop Cross-Site Request Forgery (CSRF) Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-44881 – Wavlink WL-WN579A3 Command Injection Vulnerability

ChatGPT now remembers everything you’ve ever told it – Here’s what you need to know

Microsoft just killed these features with Edge 137 beta release

CVE-2025-4374 – Quay Unauthorized Privilege Escalation Vulnerability

CVE-2025-52968 – xdg-utils CSRF Vulnerability

CVE-2025-7813 – “Eventin WordPress Plugin SSRF Vulnerability”

CVE-2025-52467 – PostgreSQL Agentic Interface GitHub Token Exfiltration Vulnerability

How to Sort Dates Efficiently in JavaScript

CVE-2025-8505 – wx-shop Cross-Site Request Forgery (CSRF) Vulnerability

Related Posts