Cross-Site Request Forgery Vulnerability in WP2HTML Plugin for WordPress
CVE-2025-5930
4.3MEDIUM
What is CVE-2025-5930?
The WP2HTML plugin for WordPress contains a vulnerability allowing Cross-Site Request Forgery (CSRF) due to inadequate nonce validation within the save() function. An unauthenticated attacker could exploit this flaw to manipulate plugin settings by tricking a site administrator into executing a malicious request. This represents a significant risk for websites utilizing this plugin version 1.0.2 or earlier, as it opens the door for potential unauthorized changes to site configurations.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
WP2HTML * <= 1.0.2
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Nabil Irawan