Permalink
CVE-2025-39438
4.3 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): LOW
- Availability impact (A): NONE
WordPress Theme Changer plugin <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in momen2009 Theme Changer allows Cross Site Request Forgery. This issue affects Theme Changer: from n/a through 1.3.
References
Affected products
theme-changer
- =<1.3
Matching in nixpkgs
pkgs.gnomeExtensions.dm-theme-changer
Automatically change theme styles when dark mode is enabled or disabled.
-
nixos-unstable -
- nixpkgs-unstable 4
Package maintainers
-
@honnip Jung seungwoo <me@honnip.page>