Cross-Site Request Forgery Vulnerability in WP-EasyArchives by WordPress
CVE-2025-49345

7.1HIGH

Key Information:

Vendor: WordPress
Status: WP-easyarchives
Vendor: CVE Published:; 31 December 2025

What is CVE-2025-49345?

The WP-EasyArchives plugin for WordPress is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability, which could allow an attacker to perform unauthorized actions on behalf of a user. This could lead to the execution of stored cross-site scripting (XSS) attacks. The vulnerability affects all versions of the plugin up to and including 3.1.2, potentially compromising user data and security.

Affected Version(s)

WP-EasyArchives <= 3.1.2

References

https://vdp.patchstack.com/database/wordpress/plugin/wp-e...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 31, 2025
Vulnerability Reserved
Jun 4, 2025

Credit

Skalucy | Patchstack Bug Bounty Program

JSON