CVE-2025-9887

by Fred · 20/09/2025

The Custom Login And Signup Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation in the /frndzk_adminclsw.php file. This makes it possible for unauthenticated attackers to change the email and username settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

More information : https://plugins.trac.wordpress.org/browser/custom-login-and-signup-widget/tags/1.0/frndzk_adminclsw.php#L3

CVE-2025-9887

Similar

Recent Posts

Categories

CVE-2025-9887

Share this:

Similar

Recent Posts

Categories

Tags