CVE-2025-0796

4.3 MEDIUM

📋 TL;DR

This CSRF vulnerability in the Mortgage Lead Capture System WordPress plugin allows unauthenticated attackers to reset the plugin's settings by tricking administrators into clicking malicious links. All WordPress sites using this plugin up to version 8.2.10 are affected. The attack requires social engineering to get an administrator to perform an action.

💻 Affected Systems

Products:
  • Mortgage Lead Capture System WordPress Plugin
Versions: All versions up to and including 8.2.10
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with the vulnerable plugin activated. All configurations are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Administrator clicks a malicious link, resetting all plugin settings to defaults, potentially disrupting lead capture functionality and requiring manual reconfiguration.

🟠 Likely Case

Temporary disruption of mortgage lead capture functionality until settings are restored, with potential loss of custom configuration.

🟢 If Mitigated

No impact if administrators don't click malicious links or if proper CSRF protections are implemented.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires social engineering to trick administrators. The technical exploit is simple once the administrator performs the action.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.2.11 or later

Vendor Advisory: https://wordpress.org/plugins/wprequal/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Mortgage Lead Capture System' and check for updates.
4. Update to version 8.2.11 or later.
5. Verify the update completed successfully.

🔧 Temporary Workarounds

Temporary Plugin Deactivation (applies to: all)

Deactivate the plugin until patched to prevent exploitation:

wp plugin deactivate wprequal

🧯 If You Can't Patch

  • Implement Content Security Policy headers to restrict external requests
  • Educate administrators about phishing risks and safe browsing practices

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for Mortgage Lead Capture System version 8.2.10 or earlier

Check Version:

wp plugin get wprequal --field=version

Verify Fix Applied:

Verify plugin version is 8.2.11 or later in WordPress admin panel

📡 Detection & Monitoring

Log Indicators:

  • POST requests to /wp-admin/admin-ajax.php with action=wprequal_reset_defaults without valid nonce
  • Plugin settings reset events in WordPress logs

Network Indicators:

  • HTTP requests to WordPress admin-ajax endpoint with CSRF payloads
  • Referer header mismatches on admin actions

SIEM Query:

source="wordpress" AND (uri_path="/wp-admin/admin-ajax.php" AND parameters.action="wprequal_reset_defaults")
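The log indicators above can be checked offline against an access log. The following is an added example, not code from the plugin or its vendor: it scans constructed combined-format log lines for POSTs to admin-ajax.php carrying the advisory's action name and flags those whose Referer is missing or comes from a host other than the site itself. The sample lines place the action in the query string for illustration; in real traffic WordPress AJAX actions are usually sent in the POST body, which access logs do not record, so the same check would need to run on a WAF or application log that captures parameters.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed access-log lines in combined format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2025:12:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=wprequal_reset_defaults HTTP/1.1" 200 12 "https://evil.example/lure.html" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2025:12:01:15 +0000] "POST /wp-admin/admin-ajax.php?action=wprequal_reset_defaults HTTP/1.1" 200 12 "https://lender.example/wp-admin/admin.php?page=wprequal" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2025:12:02:40 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 5 "https://lender.example/wp-admin/" "Mozilla/5.0"
203.0.113.8 - - [10/Mar/2025:12:03:03 +0000] "POST /wp-admin/admin-ajax.php?action=wprequal_reset_defaults HTTP/1.1" 200 12 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [ts] "METHOD target PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

SUSPECT_ACTION = "wprequal_reset_defaults"  # action name as listed in the advisory


def is_suspect(entry: dict, site_host: str) -> bool:
    """True when a POST hits admin-ajax.php with the reset action and the Referer
    is absent or from a host other than the site itself (the CSRF pattern)."""
    if entry["method"] != "POST":
        return False
    url = urlparse(entry["target"])
    if url.path != "/wp-admin/admin-ajax.php":
        return False
    if SUSPECT_ACTION not in parse_qs(url.query).get("action", []):
        return False
    referer = entry["referer"]
    if referer in ("", "-"):
        return True  # no Referer at all: did not come from the admin UI
    return urlparse(referer).hostname != site_host


def scan(log_text: str, site_host: str) -> list:
    """Return (ip, timestamp, referer) for each suspect line; unparsable lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_suspect(m.groupdict(), site_host):
            hits.append((m["ip"], m["ts"], m["referer"]))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG, "lender.example"):
        print("suspect CSRF-style reset:", hit)
```

A hit only shows that the request shape matches; confirm it against the plugin's settings state and the administrator's own browsing session before treating it as an incident.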
