CVE-2025-6064
BaseFortify
Publication date: 2025-06-14
Last updated on: 2025-06-16
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The WP URL Shortener plugin for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in all versions up to and including 1.2. This happens because the plugin's settings page ('url_shortener_settings') lacks proper nonce validation, which is a security measure to verify that requests are legitimate. As a result, an attacker can trick a site administrator into clicking a malicious link that causes unauthorized changes to the plugin's settings or injects malicious scripts.
How can this vulnerability impact me? :
This vulnerability allows unauthenticated attackers to modify the plugin's settings or inject malicious web scripts by tricking an administrator into performing an action. This can lead to unauthorized configuration changes, potential site compromise, and the execution of malicious code within the WordPress site, which can affect site integrity and user trust.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking if the WordPress site is running the WP URL Shortener plugin version 1.2 or earlier and verifying if the 'url_shortener_settings' page lacks nonce validation. You can inspect the plugin version via WordPress admin or by checking the plugin files. Additionally, monitoring HTTP requests to the 'url_shortener_settings' page for suspicious POST requests without valid nonce tokens can help detect exploitation attempts. Commands to assist detection include: 1) Using WP-CLI to check plugin version: `wp plugin list | grep wp-url-shortener` 2) Using curl to test the settings page response and check for nonce presence: `curl -i -X GET https://yourwordpresssite.com/wp-admin/options-general.php?page=url_shortener_settings` 3) Using network monitoring tools (e.g., tcpdump or Wireshark) to capture suspicious POST requests to the settings page. However, specific commands to detect nonce absence are manual and require code inspection or plugin version verification. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Updating the WP URL Shortener plugin to a version later than 1.2 where the nonce validation issue is fixed. 2) If an update is not available, temporarily disabling the plugin to prevent exploitation. 3) Restricting access to the 'url_shortener_settings' page to trusted administrators only. 4) Monitoring and blocking suspicious requests targeting the settings page. 5) Implementing web application firewall (WAF) rules to detect and block CSRF attempts. 6) Educating administrators to avoid clicking on suspicious links that could trigger forged requests. [1]