CVE-2025-10700 | Ally Plugin up to 3.8.0 on WordPress Setting enable_unfiltered_files_upload cross-site request forgery

Inserito da Angelo Barbosa | Ott 15, 2025 | CVE

A vulnerability classified as problematic was found in Ally Plugin up to 3.8.0 on WordPress. Affected is the function enable_unfiltered_files_upload of the component Setting Handler. The manipulation results in cross-site request forgery.

This vulnerability is cataloged as CVE-2025-10700. The attack may be launched remotely. There is no exploit available.

CVE-2025-10700 | Ally Plugin up to 3.8.0 on WordPress Setting enable_unfiltered_files_upload cross-site request forgery

Post correlati

CVE-2024-40461 | Ocuco Innovation STOCKORDERENTRY.EXE 2.10.24.51 Local Privilege Escalation

CVE-2024-10692 | ideaboxcreations PowerPack Elementor Addons Plugin up to 2.8.1 on WordPress authorization (ID 3203205)

CVE-2024-30290 | Adobe Framemaker up to 2020.5/2022.3 out-of-bounds write (apsb24-37)

CVE-2024-1452 | GenerateBlocks Plugin up to 1.8.2 on WordPress information disclosure