CVE-2025-53451
BaseFortify
Publication date: 2025-09-22
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mihdan | no_external_links | 5.1.4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross Site Request Forgery (CSRF) in the WordPress plugin "Mihdan: No External Links" up to version 5.1.4. It allows an attacker to trick authenticated users with higher privileges into performing unwanted actions on the site without their consent, potentially compromising the site's integrity. The plugin is abandoned and has no official fix available. [1]
How can this vulnerability impact me? :
The vulnerability can impact you by allowing attackers to execute unauthorized actions on your website through authenticated users, which may lead to compromised site integrity and potential loss of control over certain site functions. Since the plugin is abandoned and unpatched, the risk remains unless you replace the plugin or apply a virtual patch. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate steps to mitigate this vulnerability include urgently replacing the Mihdan: No External Links plugin with alternative software, as no official fix or updated version is available. Deactivating the plugin alone does not mitigate the risk unless a virtual patch (vPatch) is applied. Patchstack offers virtual patching to auto-mitigate such vulnerabilities in the absence of official fixes. If compromise is suspected, seek professional incident response. [1]