Cross-Site Request Forgery Risk in Cornea Alexandru's Category Custom Fields Plugin
CVE-2025-23822
7.1 HIGH
Summary
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Category Custom Fields plugin developed by Cornea Alexandru. The flaw allows attackers to execute unauthorized actions on behalf of authenticated users without their consent. It affects all versions of the plugin up to and including 1.0, so users should ensure their installations are up to date and apply security measures to mitigate potential threats.
Affected Version(s)
Category Custom Fields <= 1.0
References
CVSS V3.1
Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
SOPROBRO (Patchstack Alliance)