CSRF Vulnerability in HasThemes WP Plugin Manager
CVE-2025-64271

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: WP Plugin Manager
Vendor: CVE Published:; 13 November 2025

What is CVE-2025-64271?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the HasThemes WP Plugin Manager, which could allow an attacker to perform unauthorized actions on behalf of authenticated users without their consent. This security flaw affects versions of the WP Plugin Manager up to and including 1.4.7, posing risks to site integrity and data security. Proper mitigation strategies should be employed to safeguard against potential exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

WP Plugin Manager <= n/a

References

https://patchstack.com/database/Wordpress/Plugin/wp-plugi...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 13, 2025
Vulnerability Reserved
Oct 29, 2025

Credit

Mika | Patchstack Bug Bounty Program

JSON

WordPress