Cross-Site Request Forgery in osTicket WP Bridge Plugin for WordPress
CVE-2025-9882

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: Osticket WP Bridge
Vendor: CVE Published:; 20 September 2025

What is CVE-2025-9882?

The osTicket WP Bridge plugin for WordPress has a vulnerability that allows unauthenticated adversaries to exploit missing or incorrect nonce validation. This weakness enables malicious users to perform unauthorized actions by tricking site administrators into clicking on harmful links, potentially allowing attackers to update configuration settings or inject malicious scripts into the website. It is crucial for all users of the affected versions to apply security measures and consider updates to safeguard their sites.

Affected Version(s)

osTicket WP Bridge * <= 1.9.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://wordpress.org/plugins/osticket-wp-bridge/

https://plugins.trac.wordpress.org/browser/osticket-wp-br...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 20, 2025
Vulnerability Reserved
Sep 2, 2025

Credit

JohSka