CVE-2025-1687 | ThemeMakers Car Dealer Automotive Theme up to 1.6.4 on WordPress update_user_profile cross-site request forgery

Inserito da Angelo Barbosa | Feb 28, 2025 | CVE

A vulnerability classified as problematic has been found in ThemeMakers Car Dealer Automotive Theme up to 1.6.4 on WordPress. Affected is the function update_user_profile. The manipulation leads to cross-site request forgery.

This vulnerability is traded as CVE-2025-1687. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-1687 | ThemeMakers Car Dealer Automotive Theme up to 1.6.4 on WordPress update_user_profile cross-site request forgery

Post correlati

CVE-2024-1735 | armeria-saml up to 1.27.1 SAML Message improper authentication (GHSA-4m6j-23p2-8c54)

CVE-2024-46853 | Linux Kernel up to 6.1.110/6.6.51/6.10.10 nxp-fspi out-of-bounds

CVE-2024-3863 | Mozilla Firefox up to 124 xrm-ms File unknown vulnerability

CVE-2024-48840 | ABB ASPECT-Enterprise/NEXUS/MATRIX up to 3.08.02 code injection