Cross-Site Request Forgery Vulnerability in Rhys Wynne's WP Email Capture Plugin
CVE-2025-68529

8.8HIGH

Key Information:

Vendor: WordPress
Status: WP Email Capture
Vendor: CVE Published:; 24 December 2025

What is CVE-2025-68529?

A Cross-Site Request Forgery (CSRF) vulnerability exists in Rhys Wynne's WP Email Capture plugin, potentially allowing unauthorized actions to be performed on behalf of users without their consent. This security flaw impacts versions up to 3.12.5, highlighting the need for website owners to maintain updated plugins to safeguard against exploit attempts.

Affected Version(s)

WP Email Capture <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/wp-e...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 24, 2025
Vulnerability Reserved
Dec 19, 2025

Credit

Arif Shaikh | Patchstack Bug Bounty Program

JSON

WordPress

What is CVE-2025-68529?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit