VYPR

LEAV Last Email Address Validator

by WordPress

CVEs (1)

  • CVE-2025-14853MedJan 16, 2026
    risk 0.28cvss 4.3epss 0.00

    The LEAV Last Email Address Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions <= 1.7.1. This is due to missing or incorrect nonce validation on the display_settings_page function. This makes it possible for unauthenticated attackers to modify…