CVE-2025-23895
📋 TL;DR
This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Add RSS plugin that can lead to Stored Cross-Site Scripting (XSS). Attackers can trick authenticated administrators into executing malicious actions, potentially injecting persistent scripts into vulnerable sites. WordPress sites using Add RSS plugin versions up to 1.5 are affected.
💻 Affected Systems
- WordPress Add RSS plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover through privilege escalation, data theft, or malware distribution to visitors via persistent malicious scripts injected into the site.
Likely Case
Unauthorized content modification, defacement, or injection of malicious scripts that affect site visitors, potentially leading to credential theft or malware distribution.
If Mitigated
Limited impact with proper CSRF protections and content security policies in place, though the vulnerability still exists in the codebase.
🎯 Exploit Status
Exploitation requires social engineering to trick authenticated administrators into clicking malicious links while logged in.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 1.5
Vendor Advisory: https://patchstack.com/database/wordpress/plugin/add-rss/vulnerability/wordpress-add-rss-plugin-1-5-csrf-to-stored-xss-vulnerability?_s_id=cve
Restart Required: No
Instructions:
1. Log into WordPress admin panel
2. Navigate to Plugins > Installed Plugins
3. Locate 'Add RSS' plugin
4. Click 'Update Now' if update available
5. If no update available, deactivate and remove the plugin
6. Consider alternative RSS feed plugins
🔧 Temporary Workarounds
Implement CSRF Protection
allAdd CSRF tokens to all form submissions and state-changing requests in the plugin
Content Security Policy
allImplement strict CSP headers to mitigate XSS impact
🧯 If You Can't Patch
- Deactivate and remove the Add RSS plugin immediately
- Implement web application firewall rules to block suspicious requests to the plugin endpoints
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for Add RSS plugin version 1.5 or earlierCheck Version:
wp plugin list --name=add-rss --field=versionVerify Fix Applied:
Verify plugin version is greater than 1.5 or plugin is completely removed📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to Add RSS plugin endpoints
- Multiple failed CSRF token validations
- Unexpected plugin file modifications
Network Indicators:
- Suspicious referrer headers in requests to admin-ajax.php or plugin endpoints
- Unexpected content-type changes in responses
SIEM Query:
source="wordpress" AND (plugin="add-rss" OR uri="/wp-content/plugins/add-rss/") AND (status=403 OR method=POST)