cleantalk
Vulnerabilities and Security Researches

I Am Gloria, CVE-2025-0990

CVE, Research URL

CVE-2025-0990

Home page URL

Security reports for I Am Gloria

Application

I Am Gloria

Published on
Mar 05, 2025
Research Description
The I Am Gloria plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the iamgloria23_gloria_settings_page function. This makes it possible for unauthenticated attackers to reset the tenant ID via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max 1.1.4.
Status
vulnerable
Previous vulnerability researches
Debug Assistant (CVE-2023-26527) , Jun 10, 2024
Debug Assistant (CVE-2023-26516) , Jun 10, 2024
Floating Buttons for WooCommerce (CVE-2024-52395) , Nov 15, 2024
I Am Gloria (CVE-2025-0990) , Mar 06, 2025
AI ChatBot with ChatGPT and Content Generator by AYS (CVE-2024-7714) , Sep 29, 2024
New vulnerability
Pixeline's Email Protector (CVE-2025-58982) , Sep 11, 2025
Include Me (CVE-2025-58983) , Sep 11, 2025
PagSeguro / PagBank Connect (CVE-2025-10142) , Sep 11, 2025
Duplicate Page and Post (CVE-2025-6189) , Sep 11, 2025
Advanced Settings (CVE-2025-58975) , Sep 10, 2025