Cross-Site Request Forgery Vulnerability in Ultimate Blogroll Plugin for WordPress
CVE-2025-9881

6.1 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 12 September 2025

What is CVE-2025-9881?

The Ultimate Blogroll plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) because its functions do not validate nonces properly. An unauthenticated attacker can forge a request that changes plugin settings or injects malicious scripts, provided they can trick a site administrator into performing an action such as clicking a deceptive link. The result can be unauthorized changes and compromised site integrity.

Affected Version(s)

Ultimate Blogroll * <= 2.5.2

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

JohSka