CVE-2025-10301
BaseFortify
Publication date: 2025-10-15
Last updated on: 2025-10-16
Assigner: Wordfence
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordfence | funkitools | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-10301 is a Cross-Site Request Forgery (CSRF) vulnerability in the FunKItools WordPress plugin (versions up to 1.0.2). It occurs because the plugin's saveFields() function, responsible for saving plugin settings, lacks proper nonce validation. Although it restricts saving to administrators, it does not verify that the request is legitimate, allowing an attacker to trick an administrator into performing an unwanted action (like clicking a malicious link) that updates plugin settings without their consent. [2]
How can this vulnerability impact me?
This vulnerability can allow an attacker to modify the plugin's settings without authorization by exploiting an authenticated administrator's session. If an administrator is tricked into clicking a malicious link, the attacker can change plugin configurations, potentially leading to misconfiguration, degraded site security, or other unintended behaviors controlled by the plugin settings. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized POST requests to the WordPress admin options page of the FunKItools plugin, i.e. requests that reach the saveFields() function. Detection can involve checking for POST requests to admin.php whose 'page' parameter matches the FunKItools options page slug and whose body contains 'funkitoolsSubmit'. Since the vulnerability is a missing nonce check, any such POST request without a valid nonce token could indicate an exploitation attempt. Such activity can be found by searching web server logs with tools like curl or grep, or by alerting on it with an intrusion detection system or web application firewall. For example, on a Linux server:
1) `grep 'POST /wp-admin/admin.php' /var/log/apache2/access.log | grep 'page=funkitools'` to find relevant requests;
2) configure an intrusion detection system or web application firewall to alert on POST requests to admin.php that carry the 'funkitoolsSubmit' parameter without a valid nonce token.
However, no specific commands are provided in the resources. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the WordPress admin area to trusted users only, ensuring that only administrators can access the plugin settings. Since the vulnerability is due to missing nonce verification in the saveFields() function, applying a patch or update to the FunKItools plugin that adds proper nonce validation is critical. If an official update is not yet available, temporarily disabling or removing the FunKItools plugin can prevent exploitation. Additionally, educating administrators to avoid clicking on suspicious links that could trigger forged requests can reduce risk. Monitoring and logging admin POST requests for unusual activity is also recommended until a fix is applied. [2]
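The following is an added illustration of the bug class described in the explanation and of the fix named above; it is not code from the FunKItools plugin. It shows a settings-save handler that, like the saveFields() function described, checks only the administrator capability, next to a hardened version that also verifies a WordPress nonce bound to the settings form. The function, option and field names (`example_*`) are hypothetical; `funkitoolsSubmit` is the submit parameter named on this page, and the `wp_nonce_field`, `check_admin_referer`, `current_user_can` and `update_option` calls are standard WordPress API.

```php
<?php
// Added example (not plugin code). Option and field names are hypothetical.

// --- Vulnerable pattern: capability check only -------------------------------
function example_save_fields_vulnerable() {
    if ( ! isset( $_POST['funkitoolsSubmit'] ) ) {
        return;
    }
    // Limits the action to administrators, but a cross-site POST that the
    // browser of a logged-in administrator is tricked into sending passes
    // this check unchanged: the session cookie travels with the request.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions' );
    }
    update_option( 'example_plugin_settings', wp_unslash( $_POST['example_setting'] ?? '' ) );
}

// --- Hardened pattern: nonce bound to the form + capability + sanitisation ---
function example_render_settings_form() {
    echo '<form method="post">';
    // Emits a hidden field "example_save_nonce" whose value is derived from the
    // action name and the current user's session, so a third-party page that
    // builds a forged form cannot supply a valid one.
    wp_nonce_field( 'example_save_fields', 'example_save_nonce' );
    echo '<input type="text" name="example_setting">';
    echo '<input type="submit" name="funkitoolsSubmit" value="Save">';
    echo '</form>';
}

function example_save_fields_hardened() {
    if ( ! isset( $_POST['funkitoolsSubmit'] ) ) {
        return;
    }
    // Rejects the request (wp_die) when the nonce field is missing, forged or
    // expired; this is the verification step whose absence is CWE-352 here.
    check_admin_referer( 'example_save_fields', 'example_save_nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions' );
    }
    $value = sanitize_text_field( wp_unslash( $_POST['example_setting'] ?? '' ) );
    update_option( 'example_plugin_settings', $value );
}
```

Both the nonce check and the capability check are needed: the nonce proves the request came from a form the site itself rendered for this user, and the capability check proves the user is allowed to change the option.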