PT-2025-44919 · WordPress · Viaads Plugin
Nabil Irawan · Published 2025-11-04 · Updated 2025-11-04 · CVE-2025-12070
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
ViaAds plugin for WordPress versions prior to 2.1.2
Description
The ViaAds plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF) in versions up to and including 2.1.1. The issue stems from the absence of nonce validation within the ViaAds pluginHandler function. This allows unauthenticated attackers to potentially alter the plugin’s API key and cookie consent settings by crafting a malicious request and deceiving an administrator into executing it, such as clicking a specially designed link.
Recommendations
Update the ViaAds plugin to version 2.1.2 or later.
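For plugin authors reviewing their own settings handlers for the same weakness, the following added example (not the ViaAds code and not part of the original advisory) shows a state-changing handler without nonce validation beside a hardened form. All `example_*` function names, option keys and form fields are hypothetical; the WordPress calls used are core APIs.

```php
<?php
/*
 * Plugin Name: Example Settings Handler
 * Constructed illustration: every example_* name, option key and form field
 * below is hypothetical and is not taken from the ViaAds source.
 */

// BEFORE: the pattern the advisory describes. Any POST that arrives with the
// administrator's session cookie is accepted, whatever page submitted it.
function example_save_settings_unsafe() {
    update_option( 'example_api_key', sanitize_text_field( wp_unslash( $_POST['api_key'] ?? '' ) ) );
    update_option( 'example_cookie_consent', empty( $_POST['cookie_consent'] ) ? '0' : '1' );
}

// AFTER: check the caller's capability, then require a nonce bound to this
// action and this user's session before any setting is written.
function example_save_settings() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Ends the request with a 403 unless $_REQUEST['_example_nonce'] holds a
    // valid nonce for the 'example_save_settings' action.
    check_admin_referer( 'example_save_settings', '_example_nonce' );

    update_option( 'example_api_key', sanitize_text_field( wp_unslash( $_POST['api_key'] ?? '' ) ) );
    update_option( 'example_cookie_consent', empty( $_POST['cookie_consent'] ) ? '0' : '1' );
    wp_safe_redirect( admin_url( 'options-general.php?page=example-settings' ) );
    exit;
}
// admin_post_{action} only fires for logged-in users.
add_action( 'admin_post_example_save_settings', 'example_save_settings' );

// The settings form embeds the nonce that the handler verifies.
function example_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_save_settings">
        <?php wp_nonce_field( 'example_save_settings', '_example_nonce' ); ?>
        <input type="text" name="api_key">
        <label><input type="checkbox" name="cookie_consent" value="1"> Cookie consent</label>
        <?php submit_button(); ?>
    </form>
    <?php
}
add_action( 'admin_menu', function () {
    add_options_page( 'Example Settings', 'Example Settings', 'manage_options', 'example-settings', 'example_render_form' );
} );
```

The capability check and the nonce check cover different failures: the first rejects low-privileged users, the second rejects requests that did not originate from the plugin's own form.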
Fix
CSRF
Affected Products
Viaads Plugin