Cross-Site Request Forgery Vulnerability in SEMrush Content Toolkit by SEMrush CY LTD
CVE-2025-68082

Currently unrated

Key Information:

Vendor

WordPress
Status
Semrush Content Toolkit
Vendor
CVE Published:
16 December 2025

What is CVE-2025-68082?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Semrush Content Toolkit, allowing attackers to perform unauthorized actions on behalf of users. This vulnerability affects the application from its inception up to version 1.1.32. If exploited, it could enable malicious actors to compromise user accounts and manipulate content without user consent, highlighting the importance of implementing appropriate security measures to safeguard against CSRF attacks.

Affected Version(s)

Semrush Content Toolkit <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/semr...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nabil Irawan | Patchstack Bug Bounty Program
JSON
.
CVE-2025-68082 : Cross-Site Request Forgery Vulnerability in SEMrush Content Toolkit by SEMrush CY LTD