Cross-Site Request Forgery Vulnerability in Ultimate FAQ by Rustaurius
CVE-2025-67590

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Ultimate Faq
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-67590?

The Ultimate FAQ plugin by Rustaurius is vulnerable to a Cross-Site Request Forgery (CSRF) attack. This vulnerability allows attackers to send unauthorized commands to the plugin's functionality by tricking authenticated users into performing actions without their consent. The affected versions of the plugin are those that are unpatched and include on or prior to version 2.4.3. Websites using this plugin risk unauthorized access and manipulation of data, leading to potential service disruption and data compromise.

Affected Version(s)

Ultimate FAQ <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/ulti...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Dec 9, 2025

Credit

daroo | Patchstack Bug Bounty Program

JSON