CVE-2025-0801

by Fred · 28/02/2025

The RateMyAgent Official plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.0. This is due to missing or incorrect nonce validation on the ‘rma-settings-wizard’. This makes it possible for unauthenticated attackers to update the plugin’s API key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Assigner : cve-request@wordfence.com

More information : https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3244718%40ratemyagent-official&new=3244718%40ratemyagent-official&sfp_email=&sfph_mail=

CVE-2025-0801

Similar

Recent Posts

Categories

CVE-2025-0801

Share this:

Similar

Recent Posts

Categories

Tags