Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged
Permalink CVE-2025-22703
7.1 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 1 year, 2 months ago
WordPress Forge – Front-End Page Builder plugin <= 1.4.6 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in manuelvicedo Forge – Front-End Page Builder allows Stored XSS. This issue affects Forge – Front-End Page Builder: from n/a through 1.4.6.

Affected products

forge
  • =<1.4.6

Matching in nixpkgs

pkgs.forge

OpenGL interop library that can be used with ArrayFire or any other application using CUDA or OpenCL compute backend

pkgs.forgejo

Self-hosted lightweight software forge

pkgs.forge-mtg

Magic: the Gathering card game with rules enforcement

pkgs.forgejo-cli

CLI application for interacting with Forgejo

pkgs.mcdreforged

Rewritten version of MCDaemon, a python tool to control your Minecraft server

Package maintainers