CVE-2025-9896 in HidePost Plugininfo

Zusammenfassung

von MITRE • 27.09.2025

The HidePost plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.8. This is due to missing or incorrect nonce validation on the options.php settings page. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Veröffentlichung

27.09.2025

Moderieren

akzeptiert

Eintrag

VDB-326144

CPE

bereit

CWE

CWE-352 (bestätigt)

CVSS

4.3 (CNA)

EPSS

0.00014

KEV

nein

Aktivitäten

very low

Sektor

Hostingprovider

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-9896
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-9896
CVE Details	https://www.cvedetails.com/cve/CVE-2025-9896/

◂ Zurück Übersicht Weiter ▸

Do you know our Splunk app?

Download it now for free!