CVE-2025-13365

Name of the Vulnerable Software and Affected Versions WP Hallo Welt plugin versions prior to 1.5

Description The WP Hallo Welt plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation on the hallo welt seite function. This allows unauthenticated attackers to update plugin settings and inject malicious web scripts via a forged request if they can trick a site administrator into performing an action, such as clicking a link. Insufficient input sanitization and output escaping can lead to Stored Cross-Site Scripting (XSS).

Recommendations Update the WP Hallo Welt plugin to version 1.5 or later.