CVE-2025-13366
CSRF in Rabbit Hole WordPress Plugin Allows Settings Reset
Publication date: 2025-12-12
Last updated on: 2025-12-12
Assigner: Wordfence
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| WordPress (plugin) | Rabbit Hole (rabbit_hole) | all versions up to and including 1.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The reset this advisory describes is triggered by an HTTP GET to the Rabbit Hole plugin's admin settings page carrying the query parameters `page=rabbit_hole` and `action=reset` (these names come from the cited resources; confirm them against the plugin version you run before building alerts on them). Because the reset fires on a GET with no nonce check, every such request is worth examining. Search the web server access log with a pattern that does not depend on parameter order, for example `grep -E 'GET [^ ]*(page=rabbit_hole[^ ]*action=reset|action=reset[^ ]*page=rabbit_hole)' /path/to/access.log`. Two caveats apply. First, a successful CSRF arrives from the administrator's own browser, with the administrator's cookies and source IP, so the request itself looks legitimate; the strongest indicator in the log is a Referer header (present in the combined log format) pointing at an origin other than your own site. Second, `tcpdump` or Wireshark only reveal these parameters when the site is served over plain HTTP; for HTTPS, rely on the server-side log. The cited resources do not provide a specific detection command; monitoring for these GET requests is the key detection method. [2]
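A fuller version of that log search, as an added example that is not part of the advisory or its cited resources: a standalone PHP script that parses combined-format access log lines, matches the two parameters in either order after URL decoding, and flags hits whose Referer points off-site. The log lines are constructed for the example; the `/wp-admin/options-general.php` path and the site host `blog.example` are assumptions, while `page=rabbit_hole` and `action=reset` are the parameters the advisory describes.

```php
<?php
// Added detection example (not from the advisory's resources).
// Run with: php rh_detect.php
// Combined log format: host - user [time] "METHOD target proto" status bytes "referer" "user-agent"
const LOG_RE = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "[^"]*"$/';

// True when the request is a GET whose query carries page=rabbit_hole and action=reset,
// in any order and with any URL encoding (parse_str decodes both).
function rh_is_reset_request(string $method, string $target): bool {
    if ($method !== 'GET') { return false; }
    $query = parse_url($target, PHP_URL_QUERY);
    if (!is_string($query)) { return false; }
    parse_str($query, $params);
    return ($params['page'] ?? null) === 'rabbit_hole'
        && ($params['action'] ?? null) === 'reset';
}

// A Referer from another host is the strongest log-side CSRF indicator.
// An empty or "-" Referer is unknown, not proof either way.
function rh_referer_is_foreign(string $referer, string $siteHost): bool {
    if ($referer === '' || $referer === '-') { return false; }
    $host = parse_url($referer, PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $siteHost) !== 0;
}

// Returns one record per matching line: ip, time, status, referer, foreign_referer.
function rh_scan(array $lines, string $siteHost): array {
    $hits = [];
    foreach ($lines as $line) {
        if (!preg_match(LOG_RE, $line, $m)) { continue; }   // skip lines not in combined format
        [, $ip, $time, $method, $target, $status, $referer] = $m;
        if (!rh_is_reset_request($method, $target)) { continue; }
        $hits[] = [
            'ip'              => $ip,
            'time'            => $time,
            'status'          => (int) $status,
            'referer'         => $referer,
            'foreign_referer' => rh_referer_is_foreign($referer, $siteHost),
        ];
    }
    return $hits;
}

// Constructed sample: one normal settings-page view, one reset with a foreign Referer
// (the CSRF pattern), one reset initiated from the site's own admin page, one unrelated line.
$sample = [
    '203.0.113.7 - - [12/Dec/2025:10:01:02 +0000] "GET /wp-admin/options-general.php?page=rabbit_hole HTTP/1.1" 200 5120 "https://blog.example/wp-admin/" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Dec/2025:10:03:45 +0000] "GET /wp-admin/options-general.php?action=reset&page=rabbit_hole HTTP/1.1" 302 0 "https://evil.example/cute-cats.html" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Dec/2025:10:05:00 +0000] "GET /wp-admin/options-general.php?page=rabbit_hole&action=reset HTTP/1.1" 302 0 "https://blog.example/wp-admin/options-general.php?page=rabbit_hole" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Dec/2025:10:06:00 +0000] "POST /wp-login.php HTTP/1.1" 200 1200 "-" "curl/8.0"',
];

foreach (rh_scan($sample, 'blog.example') as $h) {
    printf("%s %s status=%d referer=%s %s\n",
        $h['time'], $h['ip'], $h['status'], $h['referer'],
        $h['foreign_referer'] ? '<-- LIKELY CSRF' : '(same-origin; possibly admin-initiated)');
}
```

On the sample above the script reports the two reset requests and marks only the one with the `evil.example` Referer as likely CSRF; the same-origin reset is still worth confirming with the administrator, since the plugin's own settings page could legitimately issue it. Note that both hits share the administrator's IP address, which is exactly why source-IP-based detection does not work for CSRF.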
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify how the Cross-Site Request Forgery vulnerability in the Rabbit Hole plugin impacts compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
The Rabbit Hole plugin for WordPress, in all versions up to and including 1.1, is vulnerable to Cross-Site Request Forgery (CSRF) because its reset functionality does not validate a nonce before acting. WordPress nonces are the mechanism that ties a state-changing request to a page the same user loaded earlier; without that check, any request carrying the right parameters is honoured as long as the browser sends the administrator's session cookies, which it does automatically. An attacker can therefore trick a logged-in administrator into clicking a crafted link, or simply into loading a page that embeds the reset URL in an image tag, and the plugin's settings are reset without the administrator's consent. Triggering the reset via a GET request makes this easier to exploit: no form submission or script is needed, so an `<img>` element on any page the administrator visits is enough.
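To make the missing check concrete, here is an added illustration of the flaw and its fix as a plugin author would write them against the WordPress API; it is not the Rabbit Hole plugin's own code. The option name `rabbit_hole_settings`, the nonce action `rabbit_hole_reset`, the `manage_options` capability, the `options-general.php` path and the `victim.example` host are assumptions; only `page=rabbit_hole` and `action=reset` come from the advisory.

```php
<?php
// Added illustration, not the Rabbit Hole plugin's code. Option name, nonce action,
// capability and admin path are assumptions; page=rabbit_hole / action=reset are from the advisory.

// BEFORE (CSRF-prone): the reset runs on any GET that carries the two query parameters.
// An attacker page containing
//   <img src="https://victim.example/wp-admin/options-general.php?page=rabbit_hole&action=reset">
// (hypothetical host) triggers it as soon as a logged-in administrator loads that page.
function rh_vulnerable_reset() {
    if ( isset( $_GET['page'], $_GET['action'] )
         && $_GET['page'] === 'rabbit_hole' && $_GET['action'] === 'reset' ) {
        delete_option( 'rabbit_hole_settings' );   // assumed option name
    }
}

// AFTER (hardened): three independent checks before any state changes.
function rh_hardened_reset() {
    if ( ! isset( $_GET['page'], $_GET['action'] )
         || $_GET['page'] !== 'rabbit_hole' || $_GET['action'] !== 'reset' ) {
        return;
    }
    // 1. Capability: only users allowed to manage options may reset them.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // 2. Nonce: check_admin_referer() validates $_REQUEST['_wpnonce'] against the
    //    'rabbit_hole_reset' action for the current user and session, and calls
    //    wp_die() with HTTP 403 when the nonce is missing, forged or expired.
    check_admin_referer( 'rabbit_hole_reset' );
    // 3. Method: a state change should be a POST, so a bare link or <img> cannot fire it.
    if ( $_SERVER['REQUEST_METHOD'] !== 'POST' ) {
        wp_die( 'Use the reset button on the settings page.', '', array( 'response' => 405 ) );
    }
    delete_option( 'rabbit_hole_settings' );
    wp_safe_redirect( add_query_arg( 'reset', '1',
        wp_get_referer() ?: admin_url( 'options-general.php?page=rabbit_hole' ) ) );
    exit;
}
add_action( 'admin_init', 'rh_hardened_reset' );

// The settings page emits the matching form. wp_nonce_field() adds the hidden _wpnonce
// (and _wp_http_referer) inputs that check_admin_referer() verifies on submission.
function rh_render_reset_button() {
    ?>
    <form method="post"
          action="<?php echo esc_url( admin_url( 'options-general.php?page=rabbit_hole&action=reset' ) ); ?>">
        <?php wp_nonce_field( 'rabbit_hole_reset' ); ?>
        <?php submit_button( 'Reset settings', 'delete' ); ?>
    </form>
    <?php
}
```

The nonce check alone already defeats the `<img>` attack, because an attacker's page cannot read the per-user nonce value out of the administrator's settings page. Requiring POST as well is belt-and-braces: GET requests that change state are also fired by link prefetchers, link-preview bots and browser history restores, none of which carry any malicious intent but all of which would have reset the settings in the vulnerable version.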
How can this vulnerability impact me?
An attacker with no account on the site can cause the Rabbit Hole plugin's settings to be reset by getting a logged-in administrator to click a link or load a page that issues the forged request; the request is executed with the administrator's own session, so from the server's point of view it is the administrator who reset the plugin. The impact is to the integrity and availability of the plugin's configuration: customized settings are lost and whatever site behaviour they control reverts to defaults, which is a disruption that has to be noticed and repaired by hand. The advisory describes no disclosure of data, and the attack cannot proceed without an administrator's browser visiting attacker-controlled content.
What immediate steps should I take to mitigate this vulnerability?
Update the Rabbit Hole plugin to a release later than 1.1 that fixes the nonce validation, checking the plugin's changelog to confirm the fix is present. If no fixed release is available, deactivate or remove the plugin until one is. Advice to avoid suspicious links is a weak control here, because the reset fires on a GET and can be triggered by an image embedded in any page an administrator visits; stronger interim controls are to administer the site from a browser profile that is not used for general browsing, to log out of wp-admin when finished, and, if a web application firewall is in front of the site, to block requests carrying `page=rabbit_hole` and `action=reset` whose Referer is not your own site. Export or back up the plugin's settings so that a reset, if one does occur, can be undone quickly.