{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-12T08:26:35.223","vulnerabilities":[{"cve":{"id":"CVE-2025-14167","sourceIdentifier":"security@wordfence.com","published":"2026-02-19T07:17:34.357","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Remove Post Type Slug plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to incorrect nonce validation logic that uses OR (||) instead of AND (&&), causing the validation to fail when the nonce field is not empty OR when verification fails, rather than when it's empty AND verification fails. This makes it possible for unauthenticated attackers to modify the plugin's post type slug removal settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."},{"lang":"es","value":"El plugin Remove Post Type Slug para WordPress es vulnerable a falsificación de petición en sitios cruzados en todas las versiones hasta la 1.0.2, inclusive. Esto se debe a una lógica de validación de nonce incorrecta que utiliza OR (||) en lugar de AND (&&), lo que provoca que la validación falle cuando el campo nonce no está vacío O cuando la verificación falla, en lugar de cuando está vacío Y la verificación falla. Esto hace posible que atacantes no autenticados modifiquen la configuración de eliminación de slugs de tipos de publicación del plugin a través de una petición falsificada, siempre que puedan engañar a un administrador del sitio para que realice una acción como hacer clic en un enlace."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/remove-post-type-slug/tags/1.0.2/admin/class-remove-post-type-slug-admin.php#L127","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/remove-post-type-slug/trunk/admin/class-remove-post-type-slug-admin.php#L127","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c463a1d4-14c8-460a-ad83-6f3b38f1e4e8?source=cve","source":"security@wordfence.com"}]}}]}