CVE-2025-7841 – Sertifier Certificate & Badge Maker for WordPress – Tutor LMS Cross-Site Request Forgery (CSRF)

August 23, 2025

CVE ID : CVE-2025-7841

Published : Aug. 23, 2025, 5:15 a.m. | 21 hours, 22 minutes ago

Description : The Sertifier Certificate & Badge Maker for WordPress – Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19. This is due to missing or incorrect nonce validation on the ‘sertifier_settings’ page. This makes it possible for unauthenticated attackers to update the plugin’s api key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-7957 – WordPress ShortcodeHub Stored Cross-Site Scripting Vulnerability

Next Article CVE-2025-9048 – WordPress Wptobe-memberships Plugin File Deletion Vulnerability

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

Blackstone portfolio company R Systems Acquires Novigo Solutions, Strengthening its Product Engineering and Full-Stack Agentic-AI Capabilities

The best AirTag alternative for Samsung users is currently 30% off

One of the biggest new features on the Google Pixel 10 is also one of the most overlooked

I tested these viral ‘crush-proof’ Bluetooth speakers, and they’re not your average portables

I compared the best smartwatches from Google and Apple – and there’s a clear winner

MongoDB Data Types

MongoDB Data Types

Building Cross-Platform Alerts with Laravel’s Notification Framework

Add Notes Functionality to Eloquent Models With the Notable Package

Microsoft Teams updated with a feature you probably thought already existed — “Can you hear me?” is now a thing of the past

Microsoft Teams updated with a feature you probably thought already existed — “Can you hear me?” is now a thing of the past

Xbox Game Pass gets Gears of War: Reloaded, Dragon Age: The Veilguard, and more — here’s what is coming through the rest of August

Resident Evil ‘9’ Requiem has some of the most incredible lighting I’ve seen in a game — and Capcom uses it as a weapon

CVE-2025-7841 – Sertifier Certificate & Badge Maker for WordPress – Tutor LMS Cross-Site Request Forgery (CSRF)

Blue Locker ransomware hits critical infrastructure – is your organisation ready?

GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets

CVE-2025-32896 – Apache SeaTunnel Unauthenticated Arbitrary File Read and Deserialization Vulnerability

CVE-2025-4924 – SourceCodester Client Database Management System SQL Injection Vulnerability

LG’s 5K2K OLED gaming monitor is on sale for the best price we’ve seen yet

Windows 8 tiles were ahead of their time — The Xbox handheld could be the perfect place for a similar interface

Building Scalable APIs with Node.js and TypeScript

The Razer Blade 14 got the AI laptop treatment with less weight, more ports and speakers, and two colors

CVE-2025-7816 – PHPGurukul Apartment Visitors Management System Cross-Site Scripting Vulnerability

Microsoft Halts Automatic Windows 11 Upgrades via KB5001716, Shifts to Notifications Only

CVE-2025-7841 – Sertifier Certificate & Badge Maker for WordPress – Tutor LMS Cross-Site Request Forgery (CSRF)

Related Posts