Cross-Site Request Forgery Vulnerability in Mass Custom Fields Manager by Oren Yomtov
CVE-2025-23430
7.1 HIGH
Summary
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Mass Custom Fields Manager plugin developed by Oren Yomtov. The flaw can be exploited to deliver reflected Cross-Site Scripting (XSS) attacks. Affected versions range from n/a through 1.5 (all versions up to and including 1.5), putting users at risk of unauthorized actions being taken without their consent. Administrators using this plugin should apply the necessary patches and updates to mitigate these vulnerabilities.
Affected Version(s)
Mass Custom Fields Manager <= 1.5
CVSS V3.1
Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
SOPROBRO (Patchstack Alliance)