Cross-Site Request Forgery in Digital Zoom Studio Admin Debug for WordPress
CVE-2025-22503
4.3MEDIUM
Key Information:
- Vendor
- Digital Zoom Studio
- Status
- Admin Debug WordPress – Enable Debug
- Vendor
- CVE Published:
- 7 January 2025
Summary
A Cross-Site Request Forgery vulnerability exists in the Digital Zoom Studio Admin debug plugin for WordPress. This flaw occurs when the debug mode is enabled, potentially allowing attackers to execute unauthorized commands on behalf of authenticated users. Affected versions range from n/a to 1.0.13, making it crucial for users to take action to secure their installations and prevent exploitation of this vulnerability.
Affected Version(s)
Admin debug wordpress – enable debug <= 1.0.13
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Abdi Pranata (Patchstack Alliance)