CVE Details
Basic Information
| Title | Yougler Blogger Profile Page <= v1.01 - Cross-Site Request Forgery to Settings Update |
|---|---|
| Type | cve |
| Published | 2025-06-14T08:23:25.957Z |
| Last Seen |
Product Information
| Vendor | netlatch |
|---|---|
| Product | Yougler Blogger Profile Page |
| Version | * – v1.01 |
CVSS Information
| Base Score | 4.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | The Yougler Blogger Profile Page plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to v1.01. This allows attackers to update the plugin’s settings by tricking an administrator into clicking a malicious link. The vulnerability is due to missing or incorrect nonce validation on the ‘yougler-plugin.php’ page. |
|---|---|
| AI Severity | Medium |
| Vendor | netlatch |
| Product | Yougler Blogger Profile Page |
| Affected Version | <= v1.01 |
Affected Products
- netlatch Yougler Blogger Profile Page * – v1.01
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-352 |
| Bulletin Family |
References
Description
The Yougler Blogger Profile Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, v1.01. This is due to missing or incorrect nonce validation on the ‘yougler-plugin.php’ page. This makes it possible for unauthenticated attackers to update the plugin’s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.