Cross-Site Request Forgery in Browser Sniff Plugin for WordPress
CVE-2025-9883

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: Browser Sniff
Vendor: CVE Published:; 20 September 2025

What is CVE-2025-9883?

The Browser Sniff plugin for WordPress is susceptible to Cross-Site Request Forgery due to insufficient nonce validation. This vulnerability enables unauthenticated attackers to exploit the plugin, allowing them to forge requests and manipulate settings if they can deceive an administrator into inadvertently executing malicious actions, such as clicking on a deceptive link. It is crucial to take immediate action to secure your WordPress site and update to the latest version of the plugin.

Affected Version(s)

Browser Sniff * <= 2.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://wordpress.org/plugins/browser-sniff/

https://plugins.trac.wordpress.org/browser/browser-sniff/...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 20, 2025
Vulnerability Reserved
Sep 2, 2025

Credit

JohSka