CVE-2025-12901 | Asgaros Forum Plugin up to 3.2.1 on WordPress Setting set_subscription_level cross-site request forgery

Inserito da Angelo Barbosa | Nov 11, 2025 | CVE

A vulnerability was found in Asgaros Forum Plugin up to 3.2.1 on WordPress. It has been declared as problematic. The affected element is the function set_subscription_level of the component Setting Handler. Executing manipulation can lead to cross-site request forgery.

This vulnerability is handled as CVE-2025-12901. The attack can be executed remotely. There is not any exploit available.

CVE-2025-12901 | Asgaros Forum Plugin up to 3.2.1 on WordPress Setting set_subscription_level cross-site request forgery

Post correlati

CVE-2024-7479 | TeamViewer Remote Full Client/Remote Host on Windows VPN Driver Installation TeamViewer_service.exe signature verification

CVE-2025-60447 | Emlog Pro 2.5.19 Email Template Configuration setting.php?action=mail cross site scripting

CVE-2023-49277 | DarrenOfficial dpaste up to 3.7 API cross site scripting (GHSA-r8j9-5cj7-cv39)

CVE-2024-45394 | Authenticator-Extension Authenticator up to 7.0.0 weak encoding for password