CVE-2025-23694
📋 TL;DR
This CSRF vulnerability in the Shabbos and Yom Tov WordPress plugin allows attackers to trick authenticated administrators into performing actions that lead to stored cross-site scripting (XSS). When exploited, it enables attackers to inject malicious scripts that execute in users' browsers. All WordPress sites using Shabbos and Yom Tov plugin versions up to 1.9 are affected.
💻 Affected Systems
- Shabbos and Yom Tov WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could inject persistent malicious scripts that steal administrator credentials, deface websites, redirect users to malicious sites, or install backdoors for further compromise.
Likely Case
Attackers would inject malicious scripts to steal session cookies or credentials from authenticated users, potentially gaining administrative access to the WordPress site.
If Mitigated
With proper CSRF tokens and input validation, the vulnerability would be prevented, maintaining normal plugin functionality without security risks.
🎯 Exploit Status
Exploitation requires social engineering to trick an authenticated administrator into clicking a malicious link. The CSRF leads to stored XSS payload injection.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 1.9
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find 'Shabbos and Yom Tov' plugin. 4. Click 'Update Now' if update is available. 5. If no update appears, manually download latest version from WordPress repository and replace plugin files.
🔧 Temporary Workarounds
Implement CSRF Protection
allAdd CSRF tokens to all plugin forms and validate them on submission
Input Validation and Sanitization
allImplement strict input validation and output encoding for all user-controllable data
🧯 If You Can't Patch
- Disable or remove the Shabbos and Yom Tov plugin from WordPress
- Implement web application firewall (WAF) rules to block CSRF attempts and XSS payloads
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for Shabbos and Yom Tov version. If version is 1.9 or earlier, you are vulnerable.Check Version:
wp plugin list --name='shabbos-and-yom-tov' --field=versionVerify Fix Applied:
After updating, verify the plugin version shows higher than 1.9 in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to plugin endpoints without referrer headers
- Multiple failed CSRF token validations
- Suspicious script tags in plugin data storage
Network Indicators:
- HTTP requests with malicious script payloads in parameters
- Requests from unexpected origins to plugin admin endpoints
SIEM Query:
source="wordpress.log" AND ("shabbos" OR "yom tov") AND (POST AND NOT referer=*)