CVE-2025-14390 | Video Merchant Plugin up to 5.0.4 on WordPress video_merchant_add_video_file cross-site request forgery

Inserito da Angelo Barbosa | Dic 10, 2025 | CVE

A vulnerability described as problematic has been identified in Video Merchant Plugin up to 5.0.4 on WordPress. Affected by this issue is the function video_merchant_add_video_file. Executing manipulation can lead to cross-site request forgery.

This vulnerability appears as CVE-2025-14390. The attack may be performed from remote. There is no available exploit.

CVE-2025-14390 | Video Merchant Plugin up to 5.0.4 on WordPress video_merchant_add_video_file cross-site request forgery

Post correlati

CVE-2024-53696 | QNAP Systems QuLog Center/QTS/QuTS hero server-side request forgery (qsa-24-53)

CVE-2024-52055 | Wowza Streaming Engine up to 4.8.27+5 XML File injection

CVE-2024-29224 | GoCast 1.1.3 HTTP Request NAT os command injection (TALOS-2024-1961)

CVE-2025-54389 | AIDE up to 0.19.1 neutralization for logs (GHSA-522j-vvx9-gg28)