CVE-2025-6053: CWE-352 Cross-Site Request Forgery (CSRF) in bogdansilivestru Zuppler Online Ordering

Medium

VulnerabilityCVE-2025-6053cve cve-2025-6053 cwe-352

Published: Fri Jul 18 2025 (07/18/2025, 04:23:02 UTC)

Source: CVE Database V5

Vendor/Project: bogdansilivestru

Product: Zuppler Online Ordering

Description

The Zuppler Online Ordering plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.0. This is due to missing or incorrect nonce validation on the 'zuppler-online-ordering-options' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Technical Details

Data Version: 5.1
Assigner Short Name: Wordfence
Date Reserved: 2025-06-13T12:33:48.149Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 6879ce10a83201eaaceef29d

Added to database: 7/18/2025, 4:31:12 AM

Last updated: 7/18/2025, 4:31:12 AM

Related Threats

CVE-2025-7660: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in lewisking0072 Map My Locations

Medium

VulnerabilityFri Jul 18 2025

CVE-2025-7648: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ruven-themes Ruven Themes: Shortcodes

Medium

VulnerabilityFri Jul 18 2025

CVE-2025-7638: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in wpmudev Forminator Forms – Contact Form, Payment Form & Custom Form Builder

Medium

VulnerabilityFri Jul 18 2025

CVE-2025-6813: CWE-862 Missing Authorization in aapanel aapanel WP Toolkit

High

VulnerabilityFri Jul 18 2025

CVE-2025-6781: CWE-352 Cross-Site Request Forgery (CSRF) in ryanfaber Copymatic – AI Content Writer & Generator

Medium

VulnerabilityFri Jul 18 2025

Actions

Please log in to the Console to use AI analysis features.

External Links

NVD Database MITRE CVE Reference 1 Reference 2 Search on Google

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

CVE-2025-6053: CWE-352 Cross-Site Request Forgery (CSRF) in bogdansilivestru Zuppler Online Ordering

CVE-2025-6053: CWE-352 Cross-Site Request Forgery (CSRF) in bogdansilivestru Zuppler Online Ordering

Description

Technical Details

Related Threats

CVE-2025-7660: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in lewisking0072 Map My Locations

CVE-2025-7648: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ruven-themes Ruven Themes: Shortcodes

CVE-2025-7638: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in wpmudev Forminator Forms – Contact Form, Payment Form & Custom Form Builder

CVE-2025-6813: CWE-862 Missing Authorization in aapanel aapanel WP Toolkit

CVE-2025-6781: CWE-352 Cross-Site Request Forgery (CSRF) in ryanfaber Copymatic – AI Content Writer & Generator

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility