Cross-Site Request Forgery in Weichuncai WordPress Plugin
CVE-2025-7686
6.1MEDIUM
What is CVE-2025-7686?
The Weichuncai plugin for WordPress is susceptible to Cross-Site Request Forgery due to inadequate nonce validation on the sm-options.php page. This vulnerability allows unauthenticated attackers to manipulate settings and inject harmful scripts by deceiving an administrator into executing unintended actions, such as clicking a malicious link.
Affected Version(s)
weichuncai(WP伪春菜) * <= 1.5