CVE-2025-0801
📋 TL;DR
This CSRF vulnerability in the RateMyAgent Official WordPress plugin allows unauthenticated attackers to change the plugin's API key by tricking administrators into clicking malicious links. All WordPress sites using plugin versions up to 1.4.0 are affected. Attackers could potentially disrupt plugin functionality or redirect API calls.
💻 Affected Systems
- RateMyAgent Official WordPress Plugin
📦 What is this software?
Ratemyagent by Ratemyagent
⚠️ Risk & Real-World Impact
Worst Case
Attackers could replace the legitimate API key with their own, potentially intercepting or manipulating data sent to/from the RateMyAgent service, or disabling plugin functionality entirely.
Likely Case
Attackers change the API key, causing the plugin to stop working properly until an administrator notices and corrects the configuration.
If Mitigated
With proper CSRF protections and user awareness training, administrators would not click malicious links, preventing exploitation.
🎯 Exploit Status
Exploitation requires social engineering to trick an administrator into clicking a malicious link while authenticated to WordPress.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after 1.4.0
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'RateMyAgent Official' and click 'Update Now' if available.
4. Alternatively, download the latest version from WordPress.org and update manually.
🔧 Temporary Workarounds
Temporary Plugin Deactivation
Deactivate the plugin until it can be updated to a patched version.
🧯 If You Can't Patch
- Implement strict access controls to limit who can access WordPress admin panel.
- Use browser extensions that block CSRF attempts or provide additional CSRF protection at the web server level.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins. If RateMyAgent Official version is 1.4.0 or lower, you are vulnerable.
Check Version:
No direct command; check via WordPress admin interface or examine wp-content/plugins/ratemyagent-official/readme.txt file.
Verify Fix Applied:
After updating, verify the plugin version is higher than 1.4.0 in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unexpected changes to plugin settings, particularly API key modifications without corresponding admin activity.
- POST requests to /wp-admin/admin.php?page=rma-settings-wizard without proper nonce validation.
Network Indicators:
- Unusual outbound connections to RateMyAgent API endpoints from unexpected sources if API key was changed.
SIEM Query:
Search for POST requests containing 'rma-settings-wizard' in WordPress access logs without valid nonce parameters.
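The log indicator and SIEM query above, turned into a small detector that runs over access-log lines. This is an added example, not code from the advisory or the plugin; it assumes combined-format logs and that a valid request carries its WordPress nonce as a `_wpnonce` query parameter. It also goes slightly beyond the page by treating a missing or off-site Referer on that POST as a second CSRF hint. The sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" log format (assumed).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)
SETTINGS_PAGE = "rma-settings-wizard"   # from the advisory's log indicator
NONCE_PARAMS = ("_wpnonce",)            # assumed nonce parameter name

def parse_line(line):
    """Return a dict with method, path, parsed query string and referer, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["query"] = parse_qs(parts.query)
    return rec

def is_suspicious(rec, site_host):
    """POST to the settings wizard with no nonce parameter, or from an off-site Referer."""
    if rec["method"] != "POST" or not rec["path"].endswith("/wp-admin/admin.php"):
        return False
    if SETTINGS_PAGE not in rec["query"].get("page", []):
        return False
    has_nonce = any(p in rec["query"] for p in NONCE_PARAMS)
    referer = rec["referer"]
    ref_host = urlsplit(referer).hostname if referer not in ("", "-") else None
    off_site = ref_host != site_host  # a CSRF lure is served from another origin
    return (not has_nonce) or off_site

def find_suspicious(lines, site_host):
    """Return (ip, timestamp, referer) for every line that trips the check."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and is_suspicious(rec, site_host):
            hits.append((rec["ip"], rec["ts"], rec["referer"]))
    return hits

# Constructed sample: a legitimate save, a forged save from a lure page, a harmless GET.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2025:10:00:01 +0000] "POST /wp-admin/admin.php?page=rma-settings-wizard&_wpnonce=abc123 HTTP/1.1" 302 0 "https://example.com/wp-admin/admin.php?page=rma-settings-wizard" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Mar/2025:10:05:44 +0000] "POST /wp-admin/admin.php?page=rma-settings-wizard HTTP/1.1" 302 0 "https://evil.example/lure.html" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2025:10:06:00 +0000] "GET /wp-admin/admin.php?page=rma-settings-wizard HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG, "example.com"):
        print("suspicious settings POST:", hit)
```

A nonce sent only in the POST body never reaches the access log, so treat a hit as a lead to confirm against unexpected API key changes in the plugin settings rather than as proof on its own.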
🔗 References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3244718%40ratemyagent-official&new=3244718%40ratemyagent-official&sfp_email=&sfph_mail=
- https://wordpress.org/plugins/ratemyagent-official/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b559017c-f1d2-4f18-bfb6-e52f05910e34?source=cve