CVE-2025-8104
BaseFortify

Publication date: 2025-07-27

Last updated on: 2025-07-29

Assigner: Wordfence

Description
The Memory Usage plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.98. This is due to missing nonce validation in the wpmemory_install_plugin() function. This makes it possible for unauthenticated attackers to silently install one of the several whitelisted plugins via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
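A worked model of the flaw and of its fix, added here as an illustration; it is not the Memory Usage plugin's code and not WordPress's implementation. The session store, the capability set, the whitelist slugs, the nonce action string and the secret are all made up, and the nonce scheme is a simplified rendering of what wp_create_nonce() and wp_verify_nonce() do (a keyed hash over tick|action|user id|session token, ten characters kept, the current and the previous half-life tick accepted). The point it demonstrates is why the missing check matters: the administrator's browser attaches the login cookie to a POST triggered from any page, so a handler that only checks capabilities accepts the forged request, while the attacker cannot produce the nonce because it is bound to a session token and a secret they never see.

```python
"""Model of a CSRF-able WordPress AJAX handler and of its nonce-checked form.

Constructed example: sessions, capabilities, whitelist, action string and
secret are made up; the nonce scheme is a simplified model of WordPress's,
not its real code, and none of this is the plugin's own code.
"""
import hashlib
import hmac
from dataclasses import dataclass

NONCE_LIFE = 12 * 60 * 60            # WordPress default: DAY_IN_SECONDS / 2
SECRET = b"constructed-nonce-salt"    # stands in for NONCE_KEY . NONCE_SALT
ACTION = "wpmemory_install_plugin"    # assumed nonce action string
WHITELIST = {"plugin-a", "plugin-b"}  # hypothetical whitelisted slugs

# Assumed logged-in administrator. A browser sends this cookie on *every*
# request to the site, including POSTs triggered from an attacker's page.
SESSIONS = {
    "wordpress_logged_in=abc": {"uid": 1, "token": "sess-token-1",
                                "caps": {"install_plugins"}},
}


@dataclass
class Request:
    cookie: str
    post: dict


def nonce_tick(now: int) -> int:
    """ceil(now / (life / 2)), the way wp_nonce_tick() slices time."""
    return -(-now // (NONCE_LIFE // 2))


def _nonce_for_tick(tick: int, action: str, uid: int, token: str) -> str:
    msg = f"{tick}|{action}|{uid}|{token}".encode()
    return hmac.new(SECRET, msg, hashlib.md5).hexdigest()[-12:][:10]


def create_nonce(action: str, uid: int, token: str, now: int) -> str:
    return _nonce_for_tick(nonce_tick(now), action, uid, token)


def verify_nonce(nonce, action: str, uid: int, token: str, now: int) -> int:
    """1 = current tick, 2 = previous tick, 0 = invalid (as wp_verify_nonce())."""
    tick = nonce_tick(now)
    for result, t in ((1, tick), (2, tick - 1)):
        if hmac.compare_digest(_nonce_for_tick(t, action, uid, token), nonce or ""):
            return result
    return 0


def _user(req: Request):
    return SESSIONS.get(req.cookie)


def vulnerable_install(req: Request, installed: set, now: int) -> int:
    """Handler as the advisory describes it: a capability check but no nonce."""
    user = _user(req)
    if user is None or "install_plugins" not in user["caps"]:
        return 403
    slug = req.post.get("plugin")
    if slug not in WHITELIST:
        return 400
    installed.add(slug)          # state changes on a request the admin never meant to send
    return 200


def hardened_install(req: Request, installed: set, now: int) -> int:
    """Same handler with the check that check_ajax_referer() performs first."""
    user = _user(req)
    if user is None:
        return 403
    if not verify_nonce(req.post.get("_wpnonce"), ACTION, user["uid"], user["token"], now):
        return 403               # check_ajax_referer() dies with -1 / HTTP 403 here
    if "install_plugins" not in user["caps"]:
        return 403
    slug = req.post.get("plugin")
    if slug not in WHITELIST:
        return 400
    installed.add(slug)
    return 200


def forged_request() -> Request:
    """What a lure page makes the admin's browser send: cookie attached by the
    browser, body chosen by the attacker, no nonce (it cannot be computed)."""
    return Request(cookie="wordpress_logged_in=abc", post={"plugin": "plugin-a"})


def legit_request(now: int) -> Request:
    """Request from the plugin's own admin page, which embeds wp_create_nonce(ACTION)."""
    u = SESSIONS["wordpress_logged_in=abc"]
    return Request(cookie="wordpress_logged_in=abc",
                   post={"plugin": "plugin-a",
                         "_wpnonce": create_nonce(ACTION, u["uid"], u["token"], now)})


if __name__ == "__main__":
    now = 1_753_610_000          # constructed timestamp, roughly 2025-07-27
    inst = set()
    print("vulnerable, forged:", vulnerable_install(forged_request(), inst, now), inst)
    inst = set()
    print("hardened, forged  :", hardened_install(forged_request(), inst, now), inst)
    print("hardened, legit   :", hardened_install(legit_request(now), inst, now), inst)
```

In a real handler, check_ajax_referer(ACTION) is the one-line equivalent of the verify_nonce() call in hardened_install(); it has to run before any state-changing work, and the admin page that issues the request must embed wp_create_nonce() for the same action string. The capability check is still needed, but on its own it is what the forged request already passes.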
Meta Information
Generated: 2026-05-07
AI Q&A: 2025-07-27
EPSS evaluated: 2026-05-05
Affected Vendors & Products
Vendor      Product     Version / Range
wordpress   wp_memory   3.99
wordpress   wp_memory   3.98
The advisory text above gives the affected range as all versions up to and including 3.98, so the 3.99 entry in this CPE listing should be checked against the plugin's changelog before it is relied on.
CWE
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a Cross-Site Request Forgery (CSRF) issue in the WordPress Memory Usage plugin, versions up to and including 3.98. The function wpmemory_install_plugin() does not validate a nonce, so it cannot tell a request the administrator intended from one their browser was made to send. An unauthenticated attacker who lures a logged-in administrator to a crafted page can therefore have that administrator's browser submit a forged request that silently installs one of the plugin's whitelisted plugins. [1, 3]


How can this vulnerability impact me?

This vulnerability can allow an attacker to silently install certain whitelisted plugins on your WordPress site without your consent, by tricking an administrator into visiting a malicious page or clicking a malicious link. Plugins installed this way run with the same privileges as the rest of the site, so any weakness in them becomes a weakness in your site; the result is unauthorized changes to the site, added attack surface, and loss of control over which code runs in your WordPress environment. [1, 3]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Start by confirming whether the site runs an affected build. The plugin version is shown in the WordPress admin under Plugins, in the header of the plugin's main file, or via WP-CLI with `wp plugin list --fields=name,version,status` (the resources do not give the plugin's slug, so match on the name in that listing). Any version at or below 3.98 lacks nonce validation in wpmemory_install_plugin(). Because the forged request is sent by an administrator's own browser with a valid session, it looks like normal admin traffic at the authentication layer; the observable traces of exploitation are a plugin that appeared under wp-content/plugins/ without anyone having installed it, and POST requests to the plugin's AJAX handler whose Referer (or Origin) header points to a foreign site. Note that standard access logs record the Referer but not the POST body, so the absence of a nonce parameter cannot be read from them; use a foreign or missing Referer on such POSTs as the log-side indicator and the unexpected plugin directory as the confirming one. [1, 3]
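To make the log-side indicator concrete, here is an added example (not from the advisory or the plugin) that scans combined-format access log lines for POSTs to the WordPress AJAX endpoints whose Referer belongs to another host. The four log lines are constructed, the site host example.org is an assumption, and so is the assumption that the plugin's install request goes through /wp-admin/admin-ajax.php or admin-post.php; the advisory names neither the endpoint nor the action parameter.

```python
"""Scan web-server access log lines for admin AJAX POSTs that arrived from another origin.

Constructed example: the log lines are made up, the site host is assumed to be
example.org, and the plugin is assumed to post to admin-ajax.php/admin-post.php.
The nonce travels in the POST body, which access logs do not record, so the
signal used here is the Referer of the request.
"""
import re
from urllib.parse import urlsplit

# Apache/nginx "combined" format:
# IP - - [TS] "METHOD PATH PROTO" STATUS BYTES "REFERER" "USER-AGENT"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
AJAX_ENDPOINTS = ("/wp-admin/admin-ajax.php", "/wp-admin/admin-post.php")

# Constructed sample: one normal admin POST, one POST referred from a lure page,
# one POST with no Referer at all, and an unrelated GET.
SAMPLE_LOG = """\
203.0.113.5 - - [27/Jul/2025:10:15:01 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 512 "https://example.org/wp-admin/admin.php?page=wp-memory" "Mozilla/5.0"
203.0.113.5 - - [27/Jul/2025:10:16:30 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 512 "https://attacker.test/lure.html" "Mozilla/5.0"
203.0.113.5 - - [27/Jul/2025:10:17:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [27/Jul/2025:10:18:00 +0000] "GET /wp-admin/admin.php?page=wp-memory HTTP/1.1" 200 8192 "https://example.org/wp-admin/" "Mozilla/5.0"
"""


def parse_line(line: str):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def suspicious_ajax_posts(lines, site_host: str):
    """POSTs to the AJAX endpoints whose Referer is missing or belongs to another host."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        if rec["path"].split("?", 1)[0] not in AJAX_ENDPOINTS:
            continue
        ref = rec["referer"]
        if ref in ("", "-"):
            reason = "missing referer"            # weaker signal, see note below
        else:
            host = urlsplit(ref).hostname or ""
            if host == site_host:
                continue                          # same-origin: ordinary admin traffic
            reason = f"cross-site referer ({host})"
        findings.append({"ip": rec["ip"], "ts": rec["ts"], "path": rec["path"],
                         "referer": ref, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in suspicious_ajax_posts(SAMPLE_LOG.splitlines(), "example.org"):
        print(f"{f['ts']} {f['ip']} POST {f['path']} <- {f['referer']}: {f['reason']}")
```

A cross-site Referer on a state-changing admin POST is exactly what a lure page produces, so those hits deserve a look; a missing Referer is weaker evidence, because Referrer-Policy settings and privacy extensions blank it on legitimate traffic too. If the server can be configured to log the Sec-Fetch-Site request header, it is a cleaner signal than the Referer for the same purpose.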


What immediate steps should I take to mitigate this vulnerability?

Update the Memory Usage plugin to version 3.99 or later, which restores nonce verification in wpmemory_install_plugin() so that a forged cross-site request is rejected. Until the update is applied, deactivate the plugin: the forged request runs inside the administrator's own authenticated session, so tightening who holds the install_plugins capability does not stop it, and only removing the handler does. Administrators should also treat unsolicited links to the site's admin area with suspicion, since merely visiting a lure page can trigger the install. After updating, review the installed plugin list for anything that was not deliberately added. [1]

