Cross-Site Request Forgery Vulnerability in Admin Menu Manager Plugin
CVE-2025-26925

4.3MEDIUM

Key Information:

Vendor
WordPress
Status
Admin Menu Manager
Vendor
CVE Published:
26 February 2025

Summary

A Cross-Site Request Forgery (CSRF) vulnerability found in the Admin Menu Manager plugin for WordPress allows attackers to exploit the plugin's functionality. If a user is authenticated and visits a malicious site while logged into their WordPress account, an attacker could trick them into submitting unauthorized requests. This vulnerability could compromise the integrity of the site's admin capabilities, making it crucial for users to upgrade to secure versions to prevent such attacks.

Affected Version(s)

Admin Menu Manager <= 1.0.3

References

https://patchstack.com/database/wordpress/plugin/admin-me...
vdb-entry

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nguyen Thi Huyen Trang - Skalucy (Patchstack Alliance)
.
CVE-2025-26925 : Cross-Site Request Forgery Vulnerability in Admin Menu Manager Plugin | SecurityVulnerability.io