CVE-2025-23880
📋 TL;DR
A Cross-Site Request Forgery (CSRF) vulnerability in the amr personalise WordPress plugin allows attackers to trick authenticated administrators into performing unintended actions. This affects all versions up to 2.10, potentially leading to stored XSS attacks. WordPress site administrators using this plugin are at risk.
💻 Affected Systems
- amr personalise WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could inject malicious scripts that execute in users' browsers, potentially stealing session cookies, redirecting to phishing sites, or performing actions as the victim user.
Likely Case
Attackers create phishing pages that trick logged-in administrators into changing plugin settings or injecting malicious content that affects site visitors.
If Mitigated
With proper CSRF tokens and same-origin policies, the attack fails as requests from malicious sites are rejected.
🎯 Exploit Status
Exploitation requires social engineering to trick authenticated users into visiting malicious pages. No authentication bypass needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 2.10
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'amr personalise' and check for updates. 4. If update available, click 'Update Now'. 5. Alternatively, download latest version from WordPress repository and manually update.
🔧 Temporary Workarounds
Implement CSRF Protection
WordPressAdd nonce verification to plugin forms and actions
Requires code modification: Add wp_nonce_field() to forms and wp_verify_nonce() checks
🧯 If You Can't Patch
- Temporarily disable the amr personalise plugin
- Implement web application firewall rules to block CSRF attempts
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for 'amr personalise' version 2.10 or earlierCheck Version:
wp plugin list --name='amr personalise' --field=version (WP-CLI)Verify Fix Applied:
Verify plugin version is higher than 2.10 in WordPress admin panel📡 Detection & Monitoring
Log Indicators:
- Multiple failed CSRF token validations
- Unexpected plugin configuration changes
Network Indicators:
- Requests to plugin endpoints without proper referrer headers
- Cross-origin requests to admin-ajax.php
SIEM Query:
source="wordpress" AND (uri_path="/wp-admin/admin-ajax.php" OR uri_path CONTAINS "personalise") AND referrer NOT CONTAINS own_domain