Vulnerabilities and security researches foronestore-sites onestore-sites

Feb 05, 2025

CVE, Research URL: CVE-2025-25107
Home page URL: Security reports for OneStore Sites
Application: OneStore Sites
Date: Feb 07, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in sainwp OneStore Sites allows Cross Site Request Forgery. This issue affects OneStore Sites: from n/a through 0.1.1.
Affected versions: max 0.1.1.
Status: vulnerable

Mar 01, 2025

CVE, Research URL: CVE-2024-13905
Home page URL: Security reports for OneStore Sites
Application: OneStore Sites
Date: Feb 27, 2025
Research Description: The OneStore Sites plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.1.1 via the class-export.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Affected versions: max 0.1.1.
Status: vulnerable