cleantalk
Vulnerabilities and Security Researches

Torod – The smart shipping and delivery portal for e-shops and retailers, CVE-2025-12373

CVE, Research URL

CVE-2025-12373

Home page URL

Security reports for Torod – The smart shipping and delivery portal for e-shops and retailers

Application

Torod – The smart shipping and delivery portal for e-shops and retailers

Published on
Dec 05, 2025
Research Description
The Torod – The smart shipping and delivery portal for e-shops and retailers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the save_settings function. This makes it possible for unauthenticated attackers to modify plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 1.9.
Status
vulnerable
Previous vulnerability researches
Torod – The smart shipping and delivery portal for e-shops and retailers (CVE-2025-30936) , Jul 19, 2025
Torod – The smart shipping and delivery portal for e-shops and retailers (CVE-2024-55995) , Dec 22, 2024
Torod – The smart shipping and delivery portal for e-shops and retailers (CVE-2025-12373) , Dec 10, 2025
New vulnerability
Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form (CVE-2026-25418) , Feb 28, 2026
Image Photo Gallery Final Tiles Grid (CVE-2026-25375) , Feb 28, 2026
Share This Image (CVE-2026-25010) , Feb 28, 2026
Bold Page Builder (CVE-2026-25451) , Feb 28, 2026
Bold Page Builder (CVE-2025-13463) , Feb 28, 2026