Vulnerabilities

CVE-2025-10684

by Fred · 12/12/2025

The Construction Light WordPress theme before 1.6.8 does not have authorisation and CSRF when activating via an AJAX action, allowing any authenticated users, such as subscriber to activate arbitrary .

More information : https://wpscan.com/vulnerability/cfabf8b2-30a4-462f-996c-79888a439c09/

Similar

Tags: Cybersecurity Alert