CVE-2025-9896 in HidePost Pluginالمعلومات

الملخص

بحسب MITRE • 27/09/2025

The HidePost plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.8. This is due to missing or incorrect nonce validation on the options.php settings page. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

إفشاء

27/09/2025

الاعتدال

تمت الموافقة

إدخال

VDB-326144

CPE

جاهز

CWE

CWE-352 (مؤكد)

CVSS

4.3 (CNA)

EPSS

0.00014

KEV

لا

النشاطات

منخفض جدًا

القطاع

Hostingprovider

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-9896
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-9896
CVE Details	https://www.cvedetails.com/cve/CVE-2025-9896/

التالي ▸نظرة عامة ◂ السابق

Do you need the next level of professionalism?

Upgrade your account now!