Cross-Site Request Forgery Vulnerability in Mass Custom Fields Manager by Oren Yomtov
CVE-2025-23430

7.1HIGH

Key Information:

Vendor: WordPress
Status: Mass Custom Fields Manager
Vendor: CVE Published:; 16 January 2025

What is CVE-2025-23430?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Mass Custom Fields Manager plugin developed by Oren Yomtov. This security flaw permits malicious actors to exploit the plugin, potentially leading to reflected Cross-Site Scripting (XSS) attacks. Affected versions range from n/a to 1.5, putting users at risk of unauthorized actions being taken without user consent. It is crucial for administrators using this plugin to apply necessary patches and updates to mitigate these vulnerabilities.

Affected Version(s)

Mass Custom Fields Manager <= 1.5

References

https://patchstack.com/database/wordpress/plugin/mass-cus...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 16, 2025
Vulnerability Reserved
Jan 16, 2025

Credit

SOPROBRO (Patchstack Alliance)