Cross-Site Request Forgery Risk in Cornea Alexandru's Category Custom Fields Plugin
CVE-2025-23822

7.1 HIGH

Key Information:

Vendor: WordPress
CVE Published: 16 January 2025

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Category Custom Fields plugin developed by Cornea Alexandru. The flaw allows attackers to execute unauthorized actions on behalf of authenticated users without their consent. It affects all versions of the plugin up to and including 1.0, so users should ensure their installations are up to date and apply security measures to mitigate potential threats.

Affected Version(s)

Category Custom Fields <= 1.0

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

SOPROBRO (Patchstack Alliance)