MeldSecurity
Press Enter to search
CVE Database & Search →
Sign In Get Started

CVE-2025-12901

🟡 MEDIUM

The Asgaros Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing nonce validation on the set_subscription_level()...

Published
Nov 12, 2025
Last Modified
Nov 12, 2025
Views
3
Bookmarks
0

Description

Request Expert Review

The Asgaros Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing nonce validation on the set_subscription_level() function. This makes it possible for unauthenticated attackers to modify the subscription settings of authenticated users via a forged request granted they can trick a logged-in user into performing an action such as clicking on a link.

CVSS Scores

CVSS 3.1 4.3
4.3
MEDIUM
CVSS 2.0 4.3

References

github.com plugins.trac.wordpress.org plugins.trac.wordpress.org plugins.trac.wordpress.org www.wordfence.com

Additional Information

Source
security@wordfence.com
State
Received

Related CVEs

CVE-2025-12833

MEDIUM

The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Insecure Direct Object Referen...

Score: 4.3

CVE-2025-12087

MEDIUM

The Wishlist and Save for later for Woocommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and incl...

Score: 4.3

CVE-2025-54983

MEDIUM

A health check port on Zscaler Client Connector on Windows, versions 4.6 < 4.6.0.216 and 4.7 < 4.7.0.47, which under specific circumstances was not r...

Score: 5.2

CVE-2025-64531

HIGH

Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the co...

Score: 7.8

CVE-2025-61835

HIGH

Substance3D - Stager versions 3.1.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary...

Score: 7.8

CVE-2025-61834

HIGH

Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the co...

Score: 7.8

Share CVE-2025-12901

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2025-12901 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis