The RateMyAgent Official plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.0. This is due to missing or incorrect nonce validation on the 'rma-settings-wizard'. This makes it possible for unauthenticated attackers to update the plugin's API key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Metrics
Affected Vendors & Products
References
History
Thu, 06 Mar 2025 21:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Ratemyagent
Ratemyagent ratemyagent |
|
CPEs | cpe:2.3:a:ratemyagent:ratemyagent:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Ratemyagent
Ratemyagent ratemyagent |
Tue, 04 Mar 2025 03:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 28 Feb 2025 04:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The RateMyAgent Official plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.0. This is due to missing or incorrect nonce validation on the 'rma-settings-wizard'. This makes it possible for unauthenticated attackers to update the plugin's API key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |
Title | RateMyAgent Official <= 1.4.0 - Cross-Site Request Forgery to API Key Update | |
Weaknesses | CWE-352 | |
References |
|
|
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2025-02-28T15:14:01.351Z
Reserved: 2025-01-28T14:45:28.388Z
Link: CVE-2025-0801

Updated: 2025-02-28T15:13:57.316Z

Status : Analyzed
Published: 2025-02-28T05:15:33.683
Modified: 2025-03-06T20:21:36.547
Link: CVE-2025-0801

No data.