Cross-Site Request Forgery in Project Honey Pot Spam Trap Plugin for WordPress
CVE-2025-12406
6.1 MEDIUM
Key Information:
- Vendor: WordPress
- CVE Published: 18 November 2025
What is CVE-2025-12406?
The Project Honey Pot Spam Trap plugin for WordPress is affected by a Cross-Site Request Forgery vulnerability due to inadequate nonce validation in the printAdminPage() function. This flaw allows unauthenticated attackers to potentially alter settings or inject malicious scripts if they can trick an administrative user into executing a crafted request. As a result, users of versions up to and including 1.0.1 are at risk and should consider immediate remediation steps to protect their sites.
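The missing control, shown as an added example of a settings handler that verifies a nonce before saving. This is not the plugin's own code: every `example_` function, option, action and field name is hypothetical, and the snippet assumes it is loaded inside WordPress as an admin page callback.

```php
<?php
// Added illustration, not the plugin's source. All example_ names are hypothetical.

function example_print_admin_page() {
    // Only administrators may view or change these settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.' ) );
    }

    if ( isset( $_POST['example_save'] ) ) {
        // Stops the request unless the POST carries a valid nonce tied to
        // this action and to the logged-in user's session. A request forged
        // from another site cannot supply that value.
        check_admin_referer( 'example_save_settings', 'example_nonce' );

        // Sanitize before storing so a saved value cannot carry markup.
        $link = isset( $_POST['example_link'] )
            ? esc_url_raw( wp_unslash( $_POST['example_link'] ) )
            : '';
        update_option( 'example_honeypot_link', $link );
        echo '<div class="updated"><p>Settings saved.</p></div>';
    }

    $link = get_option( 'example_honeypot_link', '' );
    ?>
    <div class="wrap">
      <form method="post">
        <?php // Emits the hidden nonce field that check_admin_referer() verifies. ?>
        <?php wp_nonce_field( 'example_save_settings', 'example_nonce' ); ?>
        <?php // Escape on output as well, so a stored value cannot break out of the attribute. ?>
        <input type="url" name="example_link" value="<?php echo esc_attr( $link ); ?>" />
        <input type="submit" name="example_save" class="button-primary" value="Save" />
      </form>
    </div>
    <?php
}
```

The nonce check closes the forged-request path; the sanitizing and escaping calls address the script-injection consequence the description mentions.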
Affected Version(s)
Project Honey Pot Spam Trap * <= 1.0.1