Cross-Site Request Forgery Vulnerability in GlobalQuran by ibasit
CVE-2025-25143

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Globalquran
Vendor: CVE Published:; 7 February 2025

What is CVE-2025-25143?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the GlobalQuran plugin developed by ibasit. This flaw allows attackers to manipulate user settings without authorization, affecting versions from an unspecified release up to 1.0. It is crucial for users to ensure their installations are up-to-date and implement security measures to mitigate potential exploits.

Affected Version(s)

GlobalQuran <= 1.0

References

https://patchstack.com/database/wordpress/plugin/globalqu...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 7, 2025
Vulnerability Reserved
Feb 3, 2025

Credit

0xd4rk5id3 (Patchstack Alliance)

WordPress

What is CVE-2025-25143?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit