Cross-Site Request Forgery in Publish Approval Plugin for WordPress
CVE-2025-9617
5.3MEDIUM
What is CVE-2025-9617?
The Publish Approval plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF) attacks across all versions up to and including 1.1. This vulnerability arises from inadequate or erroneous nonce validation within the publish_save_option function. Consequently, this enables unauthorized attackers to manipulate plugin settings through malicious requests, provided they can deceive an administrator into performing specific actions, such as clicking on a misleading link.
Affected Version(s)
Publish approval * <= 1.1