CVE-2025-8383
BaseFortify
Publication date: 2025-10-31
Last updated on: 2025-11-04
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordfence | depicter | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue in the Depicter WordPress plugin versions up to 4.0.4. It occurs because the plugin's depicter-document-rules-store function lacks proper nonce validation, allowing an attacker to trick a site administrator into performing unintended actions, such as modifying document rules, by sending a forged request. [3]
How can this vulnerability impact me? :
An attacker can exploit this vulnerability to modify document rules on a WordPress site using the Depicter plugin without authentication, by tricking an administrator into clicking a malicious link. This can lead to unauthorized changes in the site's content presentation or behavior, potentially disrupting site functionality or misleading users. [3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves Cross-Site Request Forgery (CSRF) on the Depicter WordPress plugin versions <= 4.0.4, specifically targeting the 'depicter-document-rules-store' AJAX endpoint. Detection can involve monitoring for unauthorized POST requests to this AJAX route without proper CSRF tokens. You can check your web server logs or use network monitoring tools to look for POST requests to URLs containing 'admin-ajax.php' with the action parameter 'depicter-document-rules-store'. For example, using grep on server logs: `grep 'action=depicter-document-rules-store' /path/to/access.log`. Additionally, inspecting HTTP requests for missing or invalid CSRF tokens in these requests can indicate exploitation attempts. Since the vulnerability requires tricking an admin to perform an action, monitoring admin user activity and unusual changes to document rules is also advised. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, update the Depicter WordPress plugin to version 4.0.5 or later, as this version includes fixes that add CSRF protection middleware to the affected AJAX routes and enforce user permission checks. If updating is not immediately possible, restrict access to the affected AJAX endpoints to trusted users only, and ensure that user roles and permissions are properly configured to limit who can perform document rule modifications. Additionally, educate administrators to avoid clicking on suspicious links that could trigger forged requests. [3]