Cross-Site Request Forgery Vulnerability in Erima Zarinpal Donate by Seyyed-Amir
CVE-2025-27290

4.3MEDIUM

Key Information:

Vendor: Seyyed-amir
Status: Erima Zarinpal Donate
Vendor: CVE Published:; 24 February 2025

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Erima Zarinpal Donate plugin, which could allow unauthorized commands to be executed on behalf of an authenticated user. This issue can lead to potential misuse of donation functionalities and compromise user trust. It is crucial for users of affected versions to apply security updates or implement mitigating measures.

Affected Version(s)

Erima Zarinpal Donate <= 1.0

References

https://patchstack.com/database/wordpress/plugin/erima-za...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 24, 2025
Vulnerability Reserved
Feb 21, 2025

Credit

Nguyen Xuan Chien (Patchstack Alliance)