CVE-2025-3099 in Advanced Search by My Solr Server Pluginالمعلومات

الملخص

بحسب MITRE • 02/04/2025

The Advanced Search by My Solr Server plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the 'MySolrServerSettings' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

إفشاء

02/04/2025

الاعتدال

تمت الموافقة

إدخال

VDB-302919

CPE

جاهز

CWE

CWE-352 (مؤكد)

CVSS

6.1 (CNA)

EPSS

0.00413

KEV

لا

النشاطات

منخفض جدًا

القطاع

Hostingprovider

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-3099
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-3099
CVE Details	https://www.cvedetails.com/cve/CVE-2025-3099/

التالي ▸نظرة عامة ◂ السابق

Do you know our Splunk app?

Download it now for free!