cleantalk
Vulnerabilities and Security Researches

Welcome Bar, 025c066ec20d42c962d84a2719b5efd5b87af0cf

CVE, Research URL

025c066ec20d42c962d84a2719b5efd5b87af0cf

Home page URL

Security reports for Welcome Bar

Application

Welcome Bar

Published on
Mar 31, 2023
Research Description
Welcome Bar [intelly-welcome-bar] < 2.0.4 Welcome Bar <= 2.0.3 - Cross-Site Request Forgery The Welcome Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.3. This is due to missing or incorrect nonce validation on the iwb_do_action function. This makes it possible for unauthenticated attackers to invoke this AJAX action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max 2.0.4.
Status
vulnerable
Previous vulnerability researches
Welcome Bar (CVE-2025-32129) , Apr 06, 2025
Welcome Bar (025c066ec20d42c962d84a2719b5efd5b87af0cf) , Jun 07, 2024
New vulnerability
Themify Shortcodes (CVE-2025-39581) , Apr 18, 2025
Asgaros Forum (CVE-2025-39514) , Apr 18, 2025
Total processing card payments for WooCommerce (CVE-2025-32513) , Apr 18, 2025
WordPress Contact Form, Drag and Drop Form Builder Plugin &#8211; Live Forms (CVE-2025-39560) , Apr 18, 2025
CRUDLab Scroll to Top (CVE-2025-22774) , Apr 18, 2025