cleantalk
Vulnerabilities and Security Researches

CM Tooltip Glossary – Powerful Glossary Plugin, CVE-2024-4086

CVE, Research URL

CVE-2024-4086

Home page URL

Security reports for CM Tooltip Glossary – Powerful Glossary Plugin

Application

CM Tooltip Glossary – Powerful Glossary Plugin

Published on
May 02, 2024
Research Description
The CM Tooltip Glossary – Powerful Glossary Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.11. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthenticated attackers to change the plugin's settings or reset them via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 4.3.0.
Status
vulnerable
Previous vulnerability researches
CM Tooltip Glossary – Powerful Glossary Plugin (CVE-2024-11202) , Nov 26, 2024
CM Tooltip Glossary – Powerful Glossary Plugin (CVE-2024-48041) , Oct 13, 2024
CM Tooltip Glossary – Powerful Glossary Plugin (CVE-2024-5026) , May 19, 2025
CM Tooltip Glossary – Powerful Glossary Plugin (CVE-2016-1000132) , Jun 07, 2024
CM Tooltip Glossary – Powerful Glossary Plugin (CVE-2024-4086) , Jun 07, 2024
New vulnerability
GitHub Gist Shortcode Plugin (CVE-2025-12667) , Dec 12, 2025
Cryptocurrency Payment Gateway for WooCommerce (CVE-2025-12392) , Dec 12, 2025
Wbcom Designs – Private Community for BuddyPress (CVE-2025-67582) , Dec 12, 2025
WP-Walla (CVE-2025-12589) , Dec 12, 2025
Master Addons for Elementor (CVE-2025-63055) , Dec 12, 2025