Cross-Site Request Forgery Vulnerability in WP Media Category Management Plugin for WordPress
CVE-2025-0865

6.5MEDIUM

Key Information:

Vendor
WordPress
Status
WP Media Category Management
Vendor
CVE Published:
19 February 2025

Summary

The WP Media Category Management plugin for WordPress versions 2.0 to 2.3.3 is susceptible to Cross-Site Request Forgery due to inadequate nonce validation. This vulnerability allows unauthenticated attackers to manipulate plugin settings, such as media taxonomies and default categories, by deceiving a site administrator into submitting a forged request, potentially leading to unauthorized changes on the website.

Affected Version(s)

WP Media Category Management 2.0 <= 2.3.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/wp-media-categ...
https://plugins.trac.wordpress.org/browser/wp-media-categ...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

lucky_buddy
.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.