Cross-Site Request Forgery Vulnerability in Ultimate Blogroll Plugin for WordPress
CVE-2025-9881
6.1 MEDIUM
What is CVE-2025-9881?
The Ultimate Blogroll plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) because of improper nonce validation in its functions. An unauthenticated attacker can send forged requests that manipulate settings or inject malicious scripts, provided they can trick an administrator into performing an action such as clicking a deceptive link. The result can be unauthorized changes and compromised site integrity.
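For reference, the pattern that closes this class of bug in a WordPress settings handler is shown below as an added example; it is not code from Ultimate Blogroll, and every `example_blogroll_*` name, option key and the redirect page slug is hypothetical.

```php
<?php
// Added example: hypothetical plugin code, not taken from Ultimate Blogroll.
// Every example_blogroll_* identifier and option key is an assumption.

const EXAMPLE_BLOGROLL_NONCE_ACTION = 'example_blogroll_save_settings';
const EXAMPLE_BLOGROLL_NONCE_FIELD  = 'example_blogroll_nonce';

// Settings form: embeds a nonce bound to the current user and this action.
function example_blogroll_render_form() {
    $title = get_option( 'example_blogroll_title', '' );
    $url   = get_option( 'example_blogroll_url', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_blogroll_save">
        <?php wp_nonce_field( EXAMPLE_BLOGROLL_NONCE_ACTION, EXAMPLE_BLOGROLL_NONCE_FIELD ); ?>
        <input type="text" name="title" value="<?php echo esc_attr( $title ); ?>">
        <input type="url" name="url" value="<?php echo esc_url( $url ); ?>">
        <button type="submit">Save</button>
    </form>
    <?php
}

// Registered for logged-in users only (no admin_post_nopriv_ hook).
add_action( 'admin_post_example_blogroll_save', 'example_blogroll_save' );

function example_blogroll_save() {
    // 1. Authorization: a valid nonce is not a permission check.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // 2. CSRF: execution stops here unless the request carries a nonce that
    //    is valid for this action; a forged cross-site request has none.
    check_admin_referer( EXAMPLE_BLOGROLL_NONCE_ACTION, EXAMPLE_BLOGROLL_NONCE_FIELD );

    // 3. Sanitize on input so a stored setting cannot carry markup or script.
    $title = isset( $_POST['title'] ) ? sanitize_text_field( wp_unslash( $_POST['title'] ) ) : '';
    $url   = isset( $_POST['url'] ) ? esc_url_raw( wp_unslash( $_POST['url'] ) ) : '';

    update_option( 'example_blogroll_title', $title );
    update_option( 'example_blogroll_url', $url );

    wp_safe_redirect( admin_url( 'options-general.php?page=example-blogroll&updated=1' ) );
    exit;
}
```

The capability check, the nonce check and the input sanitization are independent controls: the nonce stops the forged request, while sanitizing on save and escaping on output limit what a stored setting can do if a request does get through.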
Affected Version(s)
Ultimate Blogroll: all versions <= 2.5.2