Cross-Site Request Forgery Vulnerability in Update Blocker Plugin for WordPress
CVE-2025-9634
4.3MEDIUM
What is CVE-2025-9634?
The Update Blocker plugin for WordPress is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability where inadequate nonce validation exists in the pub_save action handler. This flaw allows unauthenticated attackers to manipulate plugin update settings by tricking an administrator into clicking a malicious link, effectively enabling or disabling updates without proper authorization.
Affected Version(s)
Plugin updates blocker * <= 0.2