CVE Daily

CVE-2025-49895

Cross-Site Request Forgery (CSRF) vulnerability in iThemes ServerBuddy by Plugin...

High CVSS 8.8

Overview

Cross-Site Request Forgery (CSRF) vulnerability in iThemes ServerBuddy by PluginBuddy.Com allows Object Injection.This issue affects ServerBuddy by PluginBuddy.Com: from n/a through 1.0.5.

CWE: CWE-352 Published: 2025-08-16T03:15:25.677
Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 8.8 (HIGH)
  • Detected tags: csrf (tag impact: MODERATE)

Recommended actions:

  • CSRF tokens, SameSite=Strict for cookies, validate Origin/Referer.

Recommended tools

Tags