Reconnecting to live updates…

CVE-2025-12879: CWE-352 Cross-Site Request Forgery (CSRF) in vinoth06 User Generator and Importer

High

VulnerabilityCVE-2025-12879cve cve-2025-12879 cwe-352

Published: Fri Dec 05 2025 (12/05/2025, 09:27:02 UTC)

Source: CVE Database V5

Vendor/Project: vinoth06

Product: User Generator and Importer

Description

The User Generator and Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.2.2. This is due to missing nonce validation in the "Import Using CSV File" function. This makes it possible for unauthenticated attackers to elevate user privileges by creating arbitrary accounts with administrator privileges via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.

Technical Details

Data Version: 5.2
Assigner Short Name: Wordfence
Date Reserved: 2025-11-07T15:59:45.326Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 6932a9b1f88dbe026c8e9fb8

Added to database: 12/5/2025, 9:45:21 AM

Last updated: 12/5/2025, 9:45:23 AM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Related Threats

CVE-2025-13739: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in d3395 CryptX

Medium

VulnerabilityFri Dec 05 2025

CVE-2025-13682: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in phegman Trail Manager

Medium

VulnerabilityFri Dec 05 2025

CVE-2025-13678: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in siamlottery Thai Lottery Widget

Medium

VulnerabilityFri Dec 05 2025

CVE-2025-13614: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in wpkube Cool Tag Cloud

High

VulnerabilityFri Dec 05 2025

CVE-2025-12876: CWE-862 Missing Authorization in projectopia Projectopia – WordPress Project Management

Medium

VulnerabilityFri Dec 05 2025

Actions

Please log in to the Console to use AI analysis features.

External Links

NVD Database MITRE CVE Reference 1 Reference 2 Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

CVE-2025-12879: CWE-352 Cross-Site Request Forgery (CSRF) in vinoth06 User Generator and Importer

CVE-2025-12879: CWE-352 Cross-Site Request Forgery (CSRF) in vinoth06 User Generator and Importer

Description

Technical Details

Community Reviews

Related Threats

CVE-2025-13739: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in d3395 CryptX

CVE-2025-13682: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in phegman Trail Manager

CVE-2025-13678: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in siamlottery Thai Lottery Widget

CVE-2025-13614: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in wpkube Cool Tag Cloud

CVE-2025-12876: CWE-862 Missing Authorization in projectopia Projectopia – WordPress Project Management

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility