CVE-2025-22768
📋 TL;DR
A Cross-Site Request Forgery (CSRF) vulnerability in the Rocket Media Library Mime Type WordPress plugin allows attackers to perform unauthorized actions as authenticated users, leading to Stored Cross-Site Scripting (XSS). All plugin versions up to and including 2.1.0 are affected. Attackers can inject malicious scripts that execute when other users view affected pages.
💻 Affected Systems
- WordPress Rocket Media Library Mime Type Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine whether your system is affected.
Why? The CVE database entry does not specify which versions are vulnerable (no version ranges were provided by the vendor or NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could inject malicious JavaScript that steals administrator credentials, redirects users to malicious sites, or takes over the WordPress site entirely.
Likely Case
Attackers inject malicious scripts that steal user session cookies, deface the website, or redirect users to phishing pages.
If Mitigated
With proper CSRF protections and input validation, the attack would fail or have minimal impact.
🎯 Exploit Status
Exploitation requires tricking an authenticated user into visiting a malicious page while logged into WordPress. The CSRF leads to stored XSS payload injection.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: any version later than 2.1.0
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Rocket Media Library Mime Type'.
4. Click 'Update Now' if available, or manually update to the latest version.
5. Verify that the plugin version is above 2.1.0.
🔧 Temporary Workarounds
Disable Plugin
Temporarily disable the vulnerable plugin until it is patched.
wp plugin deactivate rocket-media-library-mime-type
Implement CSRF Protection
Add WordPress nonce verification to the plugin's forms if custom patching is possible.
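The following is an added example, not code from the Rocket Media Library Mime Type plugin or from the advisory, showing the pattern the workaround refers to: a hypothetical admin-post handler in its CSRF-vulnerable form next to a hardened form that adds a capability check, a nonce check, input sanitization and output escaping. All function, option, action and nonce names (the rmlmt_example_* identifiers) are assumptions for illustration; the real plugin's handlers will differ.

```php
<?php
// Added example (not the plugin's own code). Names prefixed rmlmt_example_
// are hypothetical.

// --- Vulnerable pattern ---
// No nonce and no capability check: any logged-in user can be tricked into
// submitting this form from another site (CSRF). The raw value is stored and,
// if later rendered without escaping, becomes stored XSS.
function rmlmt_example_save_vulnerable() {
    update_option( 'rmlmt_example_label', $_POST['label'] );
    wp_safe_redirect( admin_url( 'options-general.php' ) );
    exit;
}

// --- Hardened pattern ---
function rmlmt_example_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <?php wp_nonce_field( 'rmlmt_example_save', 'rmlmt_example_nonce' ); ?>
        <input type="hidden" name="action" value="rmlmt_example_save">
        <!-- Escape on output: the stored value is never echoed raw. -->
        <input type="text" name="label"
               value="<?php echo esc_attr( get_option( 'rmlmt_example_label', '' ) ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

function rmlmt_example_save_hardened() {
    // 1. Capability check: only users who may manage options can save.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }

    // 2. Nonce check: check_admin_referer() dies with a 403 page when the
    //    token is missing or invalid. A third-party site cannot read the
    //    nonce, so a forged cross-site POST fails here.
    check_admin_referer( 'rmlmt_example_save', 'rmlmt_example_nonce' );

    // 3. Sanitize on input: strip tags and control characters before storing.
    $label = isset( $_POST['label'] )
        ? sanitize_text_field( wp_unslash( $_POST['label'] ) )
        : '';
    update_option( 'rmlmt_example_label', $label );

    wp_safe_redirect( add_query_arg( 'updated', '1', admin_url( 'options-general.php' ) ) );
    exit;
}

// Route the form's "action" value to the hardened handler.
add_action( 'admin_post_rmlmt_example_save', 'rmlmt_example_save_hardened' );
```

The two checks address different things: current_user_can() stops low-privilege accounts from saving at all, while the nonce stops a privileged user's browser from being driven by a page they did not intend to submit. Sanitizing on input and escaping on output are what keep a value that does get stored from executing as script.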
🧯 If You Can't Patch
- Restrict plugin access to trusted users only and monitor for suspicious activity.
- Implement web application firewall (WAF) rules to block CSRF and XSS payloads.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for 'Rocket Media Library Mime Type' version 2.1.0 or lower.
Check Version:
wp plugin get rocket-media-library-mime-type --field=version
Verify Fix Applied:
Confirm plugin version is above 2.1.0 in WordPress admin panel or via wp-cli.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to plugin endpoints without a Referer header (or with a Referer from another origin)
- JavaScript injection patterns in media library or content fields
Network Indicators:
- CSRF attack patterns with missing anti-CSRF tokens
- XSS payloads in HTTP requests
SIEM Query:
source="wordpress.log" AND ("rocket-media-library-mime-type" OR "CSRF") AND status=200
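To make the log and network indicators above concrete, here is an added example (not part of the advisory, and not a tool from the plugin's vendor) that scans web-server access log lines in the common "combined" format for the two indicators: POST requests to plugin endpoints whose Referer is missing or from a foreign origin, and script-injection patterns in request URLs. The plugin path uses the slug from this page; the action name rmlmt_save, the site host and the log lines are constructed for illustration and should be replaced with your own.

```php
<?php
// Added example: detection over sample access-log lines. The endpoint
// patterns and all sample data below are constructed, not real traffic.

const PLUGIN_PATTERNS = [
    '/wp-content/plugins/rocket-media-library-mime-type/',  // slug from the advisory
    'action=rmlmt_',                                         // hypothetical admin-post/ajax action prefix
];

// Combined log format:
// host ident user [time] "METHOD PATH PROTO" status bytes "referer" "user-agent"
const LOG_RE = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "[^"]*"$/';

function parse_log_line(string $line): ?array {
    if (!preg_match(LOG_RE, $line, $m)) {
        return null;
    }
    return ['ip' => $m[1], 'time' => $m[2], 'method' => $m[3], 'path' => $m[4],
            'status' => (int) $m[5], 'referer' => $m[6]];
}

function is_plugin_endpoint(string $path): bool {
    foreach (PLUGIN_PATTERNS as $p) {
        if (str_contains($path, $p)) {
            return true;
        }
    }
    return false;
}

// A forged cross-site request typically carries no Referer ("-") or one
// from the attacker's origin; a genuine admin form post comes from the site.
function referer_is_foreign(string $referer, string $site_host): bool {
    if ($referer === '-' || $referer === '') {
        return true;
    }
    $host = parse_url($referer, PHP_URL_HOST);
    return $host === null || strcasecmp($host, $site_host) !== 0;
}

// Decode the URL first so percent-encoded tags are not missed. The lookbehind
// keeps "on\w+=" from matching ordinary parameter names such as "monitor=".
function looks_like_script_injection(string $path): bool {
    $decoded = rawurldecode($path);
    return (bool) preg_match('/<\s*script|javascript:|(?<![a-z])on\w+\s*=/i', $decoded);
}

function find_indicators(array $lines, string $site_host): array {
    $hits = [];
    foreach ($lines as $line) {
        $r = parse_log_line($line);
        if ($r === null) {
            continue;
        }
        if ($r['method'] === 'POST' && is_plugin_endpoint($r['path'])
            && referer_is_foreign($r['referer'], $site_host)) {
            $hits[] = ['ip' => $r['ip'], 'reason' => 'plugin POST without same-origin Referer', 'path' => $r['path']];
        }
        if (looks_like_script_injection($r['path'])) {
            $hits[] = ['ip' => $r['ip'], 'reason' => 'script pattern in URL', 'path' => $r['path']];
        }
    }
    return $hits;
}

// Constructed sample lines: two suspicious plugin POSTs, one legitimate one,
// and one GET carrying a script tag in a query parameter.
$sample = [
    '203.0.113.5 - - [10/Jan/2025:10:00:01 +0000] "POST /wp-admin/admin-post.php?action=rmlmt_save HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Jan/2025:10:00:02 +0000] "POST /wp-admin/admin-post.php?action=rmlmt_save HTTP/1.1" 302 0 "https://evil.example/lure.html" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jan/2025:10:01:00 +0000] "POST /wp-admin/admin-post.php?action=rmlmt_save HTTP/1.1" 302 0 "https://blog.example/wp-admin/options-general.php" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jan/2025:10:02:00 +0000] "GET /wp-admin/upload.php?s=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
];

foreach (find_indicators($sample, 'blog.example') as $h) {
    printf("%s  %s  %s\n", $h['ip'], $h['reason'], $h['path']);
}
```

Run against the constructed sample this reports the first, second and fourth lines and stays silent on the third, whose Referer is the site's own admin page. Access logs do not contain POST bodies, so injected content in form fields is only visible at the application layer (for example in the stored option values or in a WAF's request log); the URL check here covers the query-string case only.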