CVE-2025-14630
CSRF in AdminQuickbar Plugin Allows Unauthorized Settings Modification
Publication date: 2026-01-24
Last updated on: 2026-01-24
Assigner: Wordfence
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordfence | adminquickbar | up to and including 1.9.3 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-14630 is a Cross-Site Request Forgery (CSRF) vulnerability in the AdminQuickbar WordPress plugin (versions up to and including 1.9.3). The vulnerability arises because the plugin's AJAX actions 'saveSettings' and 'renamePost' lack proper nonce validation, allowing unauthenticated attackers to trick an administrator into performing actions such as modifying plugin settings or updating post titles via forged requests. Essentially, if an admin clicks a malicious link, an attacker can change settings or post titles without authorization. [1, 2, 4]
How can this vulnerability impact me?
This vulnerability can allow an attacker to modify the AdminQuickbar plugin settings and update post titles without proper authorization. Since these actions can be performed by tricking an administrator into clicking a malicious link, it can lead to unauthorized changes in the WordPress admin interface, potentially disrupting site management, causing confusion, or enabling further attacks through manipulated content or settings. [1, 2, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves Cross-Site Request Forgery (CSRF) on the AJAX actions 'saveSettings' and 'renamePost' in the AdminQuickbar WordPress plugin up to version 1.9.3. Detection can focus on monitoring AJAX requests to these endpoints that lack proper nonce validation or come from unauthenticated sources. You can detect suspicious activity by inspecting HTTP POST requests to admin-ajax.php with the actions 'aqb_save_settings' or 'aqbRenamePost'; for example, command-line tools like curl or network monitoring tools can capture and analyze such requests. To check for the presence of the vulnerable plugin version, you could query the plugin version via the WordPress REST API or inspect the plugin files if they are accessible. However, no explicit detection commands are provided in the resources.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the AdminQuickbar plugin to a version later than 1.9.3 where the vulnerability is fixed. The fix involves proper nonce validation and capability checks on AJAX actions 'saveSettings' and 'renamePost' to ensure only users with the 'view_admin_quickbar' capability (administrators) can perform these actions. If an update is not immediately possible, restrict access to admin-ajax.php or implement additional security measures such as Web Application Firewall (WAF) rules to block unauthorized AJAX requests targeting these actions. Also, educate administrators to avoid clicking on suspicious links that could trigger forged requests. [1, 2]
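As an added illustration (hypothetical code, not AdminQuickbar's own), a WordPress AJAX settings handler of the kind described above: first the CWE-352 pattern with no nonce or capability check, then the same handler hardened with the two checks the fix description names. The AJAX action and capability names follow the page; the option name 'aqb_settings' and the nonce action 'aqb_settings_nonce' are assumptions.

```php
<?php
// Added example (hypothetical handler, not the plugin's code).
// 'aqb_settings' (option) and 'aqb_settings_nonce' (nonce action) are assumed names.

// BEFORE: reachable at admin-ajax.php?action=aqb_save_settings by any logged-in user.
// No nonce check, so a cross-site POST issued from an admin's browser is accepted;
// no capability check, so any role that can reach admin-ajax.php may call it.
function aqb_save_settings_vulnerable() {
    $settings = isset( $_POST['settings'] ) ? (array) $_POST['settings'] : array();
    update_option( 'aqb_settings', $settings );
    wp_send_json_success();
}

// AFTER: the same handler with nonce validation and a capability check.
function aqb_save_settings_hardened() {
    // 1. CSRF defence: the request must carry a nonce minted for this action and
    //    this user session. check_ajax_referer() terminates the request on failure.
    check_ajax_referer( 'aqb_settings_nonce', 'nonce' );

    // 2. Authorization: a valid nonce proves intent, not privilege, so the
    //    capability check is still required.
    if ( ! current_user_can( 'view_admin_quickbar' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }

    // 3. Sanitize before persisting (flat key/value settings assumed).
    $raw      = isset( $_POST['settings'] ) ? (array) wp_unslash( $_POST['settings'] ) : array();
    $settings = array_map( 'sanitize_text_field', $raw );
    update_option( 'aqb_settings', $settings );
    wp_send_json_success( $settings );
}
// Registered for logged-in users only: no wp_ajax_nopriv_ hook is added.
add_action( 'wp_ajax_aqb_save_settings', 'aqb_save_settings_hardened' );

// Client side: the nonce is handed to the admin page's script, which must send it
// back as the 'nonce' POST field with every save request.
function aqb_enqueue_admin_script() {
    wp_enqueue_script( 'aqb-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'aqb-admin', 'aqbAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'aqb_settings_nonce' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'aqb_enqueue_admin_script' );
```

The 'renamePost' handler needs the same two checks; a WAF rule that drops POSTs to admin-ajax.php carrying these actions without a nonce field is a stopgap, not a replacement for the server-side checks.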
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided resources do not contain information regarding the impact of CVE-2025-14630 on compliance with common standards and regulations such as GDPR or HIPAA.