Medium severity4.3NVD Advisory· Published Mar 15, 2025· Updated Jun 17, 2026
CVE-2025-1530
CVE-2025-1530
Description
The Tripetto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.0.9. This is due to missing nonce validation. This makes it possible for unauthenticated attackers to delete arbitrary results via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3<=8.0.9+ 1 more
- (no CPE)range: <=8.0.9
- (no CPE)
- tripetto/WordPress form builder plugin for contact forms, surveys and quizzes – Tripettov5Range: 0
Patches
Vulnerability mechanics
References
6- plugins.trac.wordpress.org/changeset/3251202/nvdPatch
- plugins.trac.wordpress.org/changeset/3251202/tripetto/trunk/admin/results/results.phpnvdPatch
- www.wordfence.com/threat-intel/vulnerabilities/id/dd80abd9-3f41-414a-a781-9bff7d85ec4bnvdThird Party Advisory
- plugins.trac.wordpress.org/browser/tripetto/trunk/lib/capabilities.phpnvdProduct
- plugins.trac.wordpress.org/changeset/3251202/tripetto/trunk/admin/results/list.phpnvdProduct
- wordpress.org/plugins/tripetto/nvdProduct
News mentions
0No linked articles in our index yet.