CSRF Vulnerability in HasThemes WP Plugin Manager
CVE-2025-64271

Currently unrated

Key Information:

Vendor

WordPress

CVE Published:
13 November 2025

What is CVE-2025-64271?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the HasThemes WP Plugin Manager, which could allow an attacker to perform unauthorized actions on behalf of authenticated users without their consent. This security flaw affects versions of the WP Plugin Manager up to and including 1.4.7, posing risks to site integrity and data security. Proper mitigation strategies should be employed to safeguard against potential exploitation.

Affected Version(s)

WP Plugin Manager <= n/a

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mika | Patchstack Bug Bounty Program