Cross-Site Request Forgery Vulnerability in Web Accessibility By accessiBe Plugin for WordPress
CVE-2025-10375

4.3 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 11 October 2025

What is CVE-2025-10375?

The Web Accessibility By accessiBe plugin for WordPress is affected by a Cross-Site Request Forgery vulnerability due to the absence of nonce validation on several AJAX actions. This issue allows unauthenticated attackers to potentially manipulate plugin settings or create verification files by deceiving a site administrator into executing specific actions, such as clicking a malicious link. This vulnerability impacts all versions of the plugin up to and including version 2.10, exposing WordPress sites relying on this plugin to unauthorized modifications.

Affected Version(s)

Web Accessibility by accessiBe * <= 2.10

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Moose Love