Cross-Site Request Forgery Vulnerability in Zoorum Comments Plugin for WordPress
CVE-2025-2163
5.4 MEDIUM
What is CVE-2025-2163?
The Zoorum Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery because of improper nonce validation in the zoorum_set_options() function. An unauthenticated attacker can forge a request on behalf of a site administrator if they can trick that administrator into performing an action such as clicking on a malicious link. A forged request could modify plugin settings or inject harmful web scripts, compromising the security and integrity of the WordPress site.
Affected Version(s)
Zoorum Comments * <= 0.9
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Johannes Skamletz