CVE-2025-24289 – “UCRM Client Signup Plugin CSRF-XSS Vulnerability”

June 29, 2025

CVE ID : CVE-2025-24289

Published : June 29, 2025, 8:15 p.m. | 2 hours, 9 minutes ago

Description : A Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in the UCRM Client Signup Plugin (v1.3.4 and earlier) could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. The plugin is disabled by default.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-24292 – Ubiquiti UniFi Network MAC Address Authentication Bypass Vulnerability

Next Article CVE-2025-24290 – UISP Authenticated SQL Injection Privilege Escalation

CodeSOD: A Unique Way to Primary Key

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

I’m a wearables editor and here are the 7 Pixel Watch 4 rumors I’m most curious about

8 ways I quickly leveled up my Linux skills – and you can too

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

Execute Ping Commands and Get Back Structured Data in PHP

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

“I don’t think I changed his mind” — NVIDIA CEO comments on H20 AI GPU sales resuming in China following a meeting with President Trump

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

CVE-2025-24289 – “UCRM Client Signup Plugin CSRF-XSS Vulnerability”

CVE-2025-44658 – Netgear RAX30 PHP-FPM Misconfigured Extension Bypass Vulnerability

CVE-2025-7393 – Drupal Mail Login Authentication Bypass

Deltarune Chapters 3 and 4 are finally here with a full release that’s blowing up Steam right now — I’m finally ready to play the Undertale follow-up

CVE-2025-5382 – Devolutions Server Access Control Bypass

Driverless cars ‘could be hacked’ warns Institute of Engineering and Technology

Microsoft Removes Password Management from Authenticator App Starting August 2025

Content Compliance Without the Chaos: How Optimizely CMP Empowers Financial Services Marketers

Best Artificial Intelligence Software

How to Use Your Raspberry Pi Headlessly with VS Code and SSH (No Monitor Needed)

CVE-2025-35975 – MicroDicom DICOM Viewer Out-of-Bounds Write RCE

CVE-2025-24289 – “UCRM Client Signup Plugin CSRF-XSS Vulnerability”

Related Posts