cleantalk
Vulnerabilities and Security Researches

All-In-One Security (AIOS) – Security and Firewall, CVE-2015-0895

CVE, Research URL

CVE-2015-0895

Home page URL

Security reports for All-In-One Security (AIOS) – Security and Firewall

Application

All-In-One Security (AIOS) – Security and Firewall

Published on
Mar 07, 2015
Research Description
Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes.
Affected versions
Min -, max 3.9.0.
Status
vulnerable
Previous vulnerability researches
All-In-One Security (AIOS) – Security and Firewall (CVE-2022-4346) , Jun 07, 2024
All-In-One Security (AIOS) – Security and Firewall (CVE-2023-0156) , Jun 07, 2024
All-In-One Security (AIOS) – Security and Firewall (CVE-2023-0157) , Jun 07, 2024
All-In-One Security (AIOS) – Security and Firewall (CVE-2023-52147) , Jun 07, 2024
All-In-One Security (AIOS) – Security and Firewall (CVE-2024-1037) , Jun 07, 2024
New vulnerability
CubeWP Forms – LeadGen & Contact Form (CVE-2025-49880) , Jun 20, 2025
WP2LEADS | WordPress und KlickTipp einfach verbinden – WooCommerce und KlickTipp einfach verbinden (CVE-2025-49316) , Jun 20, 2025
Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit (CVE-2025-1562) , Jun 20, 2025
eCommerce Product Catalog Plugin for WordPress (CVE-2025-49331) , Jun 20, 2025
Broadstreet (CVE-2025-4652) , Jun 20, 2025