CVE-2025-5937
BaseFortify
Publication date: 2025-06-28
Last updated on: 2025-07-08
Assigner: Wordfence
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| videowhisper | micropayments | all versions before 3.2.1 (3.2.1 excluded) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5937 is a Cross-Site Request Forgery (CSRF) vulnerability in the MicroPayments - Fans Paysite WordPress plugin, affecting all versions up to and including 3.2.0. The plugin's adminOptions() function performs its settings reset without validating a WordPress nonce, so an attacker can craft a link or page that, when opened by a logged-in site administrator, sends the reset request with the administrator's session cookies; the plugin cannot distinguish that forged request from a genuine click. Version 3.2.1 fixes the issue by adding nonce verification, so that only reset requests originating from the plugin's own admin page are honored. [1, 2]
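As an added illustration (not the plugin's code, and not taken from the advisory), the WordPress-style PHP below shows the pattern the advisory describes: an admin options handler that resets settings on request without a nonce check, beside the hardened form that a nonce-verification fix produces. The function names, option key, page slug and nonce action name are assumptions; check_admin_referer(), wp_nonce_url(), current_user_can(), delete_option() and admin_url() are WordPress core functions, and the snippet assumes WordPress is loaded.

```php
<?php
// Added example, not the plugin's code. Illustrates the CWE-352 pattern the
// advisory describes: an admin options handler that resets settings without
// checking a nonce, beside a hardened version. Assumes WordPress is loaded.
// The option name, page slug, parameter and action names are assumptions.

define( 'EX_OPTION_NAME', 'ex_micropayments_settings' );   // hypothetical option key

// --- Vulnerable pattern (before the fix) ---
// Any request to this admin page carrying reset=1 wipes the settings. A
// logged-in admin who follows an attacker-supplied link such as
// /wp-admin/admin.php?page=ex-plugin&reset=1 triggers it; the browser
// attaches the admin's cookies, so the server cannot tell the forged
// request from a genuine click.
function ex_admin_options_vulnerable() {
    if ( isset( $_GET['reset'] ) && '1' === $_GET['reset'] ) {
        delete_option( EX_OPTION_NAME );          // settings reset, no nonce check
        echo '<div class="updated"><p>Settings reset.</p></div>';
    }
    ex_render_options_form( false );
}

// --- Hardened pattern (what a nonce check adds) ---
// check_admin_referer() verifies a nonce bound to the action name and the
// current user's session and aborts the request if it is missing or
// invalid. An attacker's page cannot read the nonce (same-origin policy),
// so it cannot forge a passing request. The capability check is separate:
// a nonce proves intent, not privilege.
function ex_admin_options_fixed() {
    if ( isset( $_GET['reset'] ) && '1' === $_GET['reset'] ) {
        if ( ! current_user_can( 'manage_options' ) ) {
            wp_die( 'Insufficient permissions.' );
        }
        check_admin_referer( 'ex_reset_settings' );   // nonce action name is an assumption
        delete_option( EX_OPTION_NAME );
        echo '<div class="updated"><p>Settings reset.</p></div>';
    }
    ex_render_options_form( true );
}

// Renders the reset link. In the hardened form the link carries a nonce
// generated for the same action name, so only links the site itself
// rendered for this user will pass check_admin_referer().
function ex_render_options_form( $with_nonce ) {
    $url = admin_url( 'admin.php?page=ex-plugin&reset=1' );  // page slug is hypothetical
    if ( $with_nonce ) {
        $url = wp_nonce_url( $url, 'ex_reset_settings' );   // appends _wpnonce=<token>
    }
    echo '<p><a href="' . esc_url( $url ) . '">Reset plugin settings</a></p>';
}
```

The nonce must be checked before the side effect runs, and it complements rather than replaces the capability check: check_admin_referer() shows the request came from a page the site rendered for this user, current_user_can() shows the user is allowed to act. Because wp_nonce_url() appends the token as the _wpnonce query parameter, a link built by an attacker who cannot see the administrator's page will fail the check and WordPress aborts the request before delete_option() is reached.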
How can this vulnerability impact me?
This vulnerability can allow an unauthenticated attacker to reset the plugin's settings by tricking a site administrator into clicking a malicious link or performing an action. This could disrupt the plugin's configuration, potentially affecting paid memberships, subscriptions, digital asset sales, and wallet management on the site. Although it does not directly lead to data disclosure or site takeover, it can cause unauthorized changes to plugin settings, impacting site functionality and user experience. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Start by checking whether the 'MicroPayments - Fans Paysite' plugin is installed at a version up to and including 3.2.0. With WP-CLI, `wp plugin list | grep micropayments` prints the plugin's slug, status and version; the Plugins screen in the WordPress admin dashboard shows the same information. On a vulnerable install the plugin's adminOptions() function performs the settings reset without calling check_admin_referer() or wp_verify_nonce(), so a request to its admin page that triggers the reset succeeds whether or not a nonce is supplied; grepping the plugin's source for those calls around the reset code is a quick code-level check. To detect exploitation attempts, review web server access logs (or a WAF or network monitor) for requests to the plugin's admin settings page that trigger the reset action but carry no '_wpnonce' parameter (the default WordPress nonce parameter name), or that arrive with a Referer from another origin: a forged request launched from an attacker's page is sent with the administrator's cookies but without a valid nonce. A successful forgery usually also shows up as a settings reset that no administrator remembers performing. [1, 2]
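To make the log-review step concrete, here is an added PHP CLI script (not from the advisory or the plugin) that scans Apache/Nginx combined-format access log lines for reset requests to the plugin's admin page that lack a _wpnonce parameter or arrive with a missing or off-site Referer. The admin page slug, the reset parameter name and the site host are assumptions and must be adjusted to what the installed plugin actually uses; the three log lines are constructed. It needs PHP 8 for str_ends_with().

```php
<?php
// Added example, not from the advisory or the plugin. Flags requests that
// hit the plugin's admin settings page with a reset parameter but carry no
// nonce, or whose Referer is missing or off-site. Run with: php scan.php
// EX_PAGE_SLUG, EX_RESET_PARAM and EX_SITE_HOST are assumptions.

const EX_SITE_HOST   = 'example.com';     // hypothetical site host
const EX_PAGE_SLUG   = 'micropayments';   // hypothetical admin page slug
const EX_RESET_PARAM = 'reset';           // hypothetical reset parameter

// Parses one "combined" log line (%h %l %u %t "%r" %>s %b "Referer" "UA").
function ex_parse_combined(string $line): ?array {
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"/';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    return ['ip' => $m[1], 'time' => $m[2], 'method' => $m[3], 'target' => $m[4],
            'status' => (int) $m[5], 'referer' => $m[6], 'ua' => $m[7]];
}

// Returns the reasons a request looks like a forged reset, or [] if it is
// not a reset request to the plugin's page at all. GET is what a malicious
// link produces; a POST-based reset would need request-body inspection.
function ex_classify(array $req): array {
    $path  = (string) parse_url($req['target'], PHP_URL_PATH);
    $query = (string) parse_url($req['target'], PHP_URL_QUERY);
    parse_str($query, $params);
    if (!str_ends_with($path, '/wp-admin/admin.php')
        || ($params['page'] ?? '') !== EX_PAGE_SLUG
        || !isset($params[EX_RESET_PARAM])) {
        return [];
    }
    $reasons = [];
    if (!isset($params['_wpnonce'])) {
        $reasons[] = 'no _wpnonce parameter';
    }
    $referer = $req['referer'];
    $refHost = ($referer === '' || $referer === '-') ? '' : (string) parse_url($referer, PHP_URL_HOST);
    if ($refHost === '') {
        $reasons[] = 'missing Referer (cannot confirm same-origin)';
    } elseif (strcasecmp($refHost, EX_SITE_HOST) !== 0) {
        $reasons[] = "off-site Referer ($refHost)";
    }
    return $reasons;
}

// Constructed sample: a nonced reset clicked from the settings page, a
// forged reset from a third-party page with no nonce, an unrelated request.
$sample = <<<'LOG'
203.0.113.5 - - [28/Jun/2025:10:11:12 +0000] "GET /wp-admin/admin.php?page=micropayments&reset=1&_wpnonce=9a3f1c2b7e HTTP/1.1" 302 0 "https://example.com/wp-admin/admin.php?page=micropayments" "Mozilla/5.0"
198.51.100.9 - - [28/Jun/2025:10:12:40 +0000] "GET /wp-admin/admin.php?page=micropayments&reset=1 HTTP/1.1" 302 0 "https://attacker.example/lure.html" "Mozilla/5.0"
203.0.113.5 - - [28/Jun/2025:10:13:01 +0000] "GET /wp-admin/plugins.php HTTP/1.1" 200 4821 "https://example.com/wp-admin/" "Mozilla/5.0"
LOG;

foreach (explode("\n", $sample) as $line) {
    $req = ex_parse_combined($line);
    if ($req === null) {
        continue;
    }
    $reasons = ex_classify($req);
    if ($reasons !== []) {
        printf("%s %s %s -> %s\n", $req['time'], $req['ip'], $req['target'], implode('; ', $reasons));
    }
}
```

Only the second line is reported (no nonce, Referer from attacker.example). Two caveats: the scanner can see only whether a _wpnonce parameter was present, not whether it was valid, so a nonced request is not proof of legitimacy; and browsers may omit or trim the Referer under a Referrer-Policy, so a missing Referer is a weak signal on its own and is worth correlating with a settings reset the administrator did not perform.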
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the 'MicroPayments - Fans Paysite' WordPress plugin to version 3.2.1 or later, where the CSRF vulnerability has been fixed by implementing nonce validation on the reset settings functionality. This update ensures that any reset requests require a valid nonce, preventing unauthorized resets via forged requests. Additionally, ensure that your WordPress installation and all plugins are kept up to date, and educate site administrators to avoid clicking on suspicious links that could trigger CSRF attacks. [1, 2]