WordPress · Custom Login/Signup Widget · CVE-2025-9887
**Name of the Vulnerable Software and Affected Versions**
Custom Login And Signup Widget versions prior to 1.0
**Description**
The Custom Login And Signup Widget plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation in the `/frndzk adminclsw.php` file. This allows unauthenticated attackers to modify email and username settings through a forged request if they can trick a site administrator into performing an action.
**Recommendations**
Update the Custom Login And Signup Widget plugin to a version newer than 1.0.
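For developers reviewing similar settings pages, the check the description says is missing looks like this in a WordPress admin form handler. This is an added example, not the plugin's code; the `clsw_demo_*` function names, option keys and menu slug are hypothetical.

```php
<?php
// Added illustration with hypothetical names (clsw_demo_*); not the plugin's code.

add_action('admin_menu', function () {
    add_options_page('CLSW Demo', 'CLSW Demo', 'manage_options',
        'clsw-demo', 'clsw_demo_render_page');
});

function clsw_demo_render_page() {
    // Capability check: only administrators may view or change these settings.
    if (!current_user_can('manage_options')) {
        wp_die(esc_html__('Insufficient permissions.'));
    }
    if ('POST' === $_SERVER['REQUEST_METHOD']) {
        clsw_demo_save_settings();
    }
    ?>
    <form method="post">
        <?php // Emits a hidden per-user, per-action token plus a referer field. ?>
        <?php wp_nonce_field('clsw_demo_save', 'clsw_demo_nonce'); ?>
        <input type="email" name="clsw_demo_email"
               value="<?php echo esc_attr(get_option('clsw_demo_email', '')); ?>">
        <input type="text" name="clsw_demo_username"
               value="<?php echo esc_attr(get_option('clsw_demo_username', '')); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

function clsw_demo_save_settings() {
    // Stops the request (HTTP 403) unless the POST carries a valid nonce for
    // this action. A request forged from another origin cannot supply one,
    // so it never reaches the update_option() calls below.
    check_admin_referer('clsw_demo_save', 'clsw_demo_nonce');

    $email    = sanitize_email(wp_unslash($_POST['clsw_demo_email'] ?? ''));
    $username = sanitize_user(wp_unslash($_POST['clsw_demo_username'] ?? ''), true);

    // Write only values that survive validation.
    if (is_email($email)) {
        update_option('clsw_demo_email', $email);
    }
    if ('' !== $username) {
        update_option('clsw_demo_username', $username);
    }
}
```

The nonce check and the capability check are both needed: the first ties the request to a form the site itself rendered for that user, the second confirms the user is allowed to change the settings at all.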