← Back

Wp125

wp125

Vendor: Webmaster Source • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-25073
1Webmaster Source
1Wp125
Nov 21, 2024
Jan 24, 2022
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in various action, for example when deleting an ad, allowing attackers to make a logged in admin delete them via a CSRF attack
CVE-2013-2700
1Webmaster Source
1Wp125
May 6, 2026
May 14, 2014
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Cross-site request forgery (CSRF) vulnerability in the Add/Edit page (adminmenus.php) in the WP125 plugin before 1.5.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests tha...Show more
Cross-site request forgery (CSRF) vulnerability in the Add/Edit page (adminmenus.php) in the WP125 plugin before 1.5.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that add or edit an ad via unspecified vectors.Show less