PT-2025-46263 · WordPress · Ctl Arcade Lite

CVE-2025-11886

·

Published

2025-11-11

·

Updated

2025-11-11

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions CTL Arcade Lite plugin for WordPress versions prior to 1.1
Description The software is susceptible to Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation on the 'ctl arcade lite page manage games' page. This allows unauthenticated attackers to deactivate and activate plugins by tricking a site administrator into performing an action, such as clicking a link. The affected API endpoint is 'ctl arcade lite page manage games'.
Recommendations Update to version 1.1 or later.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2025-11886

Affected Products

Ctl Arcade Lite