- Description: The Insert Headers And Footers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.1. This is due to missing or incorrect nonce validation on the 'custom_plugin_set_option' function. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. This can be leveraged to update the default role for registration to administrator and enable user registration, so that attackers gain administrative user access to a vulnerable site. The 'WPBRIGADE_SDK__DEV_MODE' constant must be set to 'true' to exploit the vulnerability.
- Source: security@wordfence.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Primary
- Base score: 7.5
- Impact score: 5.9
- Exploitability score: 1.6
- Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity: HIGH
- security@wordfence.com: CWE-352
CVE-2025-2111 HIGH (7.5) hiddenpearls - Insert Headers And Footers https://t.co/P0q15sYgzT https://t.co/pTu1NqM4ge https://t.co/DP5fWctZl6 https://t.co/HVls13vSeS #CyberCron #VulnAlert #InfoSec https://t.co/i6EAo0vj1R
@cybercronai
19 Apr 2025
CVE-2025-2111 - WordPress - HIGH. Date published 2025-04-19 06:15:19 UTC #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/RHpmfLf61C
@vulns_space
19 Apr 2025