Cross-Site Request Forgery Vulnerability in Link Shield Plugin for WordPress
CVE-2025-5926

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: Link Shield
Vendor: CVE Published:; 13 June 2025

What is CVE-2025-5926?

The Link Shield plugin for WordPress has a vulnerability that allows unauthenticated attackers to exploit CSRF due to inadequate nonce validation in the link_shield_menu_options() function. This flaw can enable attackers to manipulate settings and inject malicious scripts by tricking site administrators into executing unintended actions, such as clicking on deceptive links. Website owners should ensure they are using updated versions and implement stringent security measures to mitigate this risk.

Affected Version(s)

Link Shield * <= 0.5.4

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/link-shield/tr...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 13, 2025
Vulnerability Reserved
Jun 9, 2025

Credit

Nabil Irawan

JSON