CVE-2025-24712
📋 TL;DR
A Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme's Radius Blocks WordPress plugin allows attackers to trick authenticated administrators into performing unintended actions. This affects WordPress sites using Radius Blocks plugin versions up to 2.1.2. Attackers could modify plugin settings or perform other administrative actions without the victim's knowledge.
💻 Affected Systems
- RadiusTheme Radius Blocks WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker could completely compromise the WordPress site by tricking an administrator into changing critical settings, installing malicious plugins, or modifying user permissions.
Likely Case
Attackers modify plugin settings, change site configurations, or inject malicious content through administrator actions performed without consent.
If Mitigated
With proper CSRF protections and user awareness, the risk is limited to unsuccessful exploitation attempts.
🎯 Exploit Status
CSRF attacks are well-understood and easy to weaponize. Exploitation requires social engineering to trick authenticated users.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.1.3 or later
Restart Required: No
Instructions:
1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find 'Radius Blocks' plugin
4. Click 'Update Now' if available
5. If no update appears, download version 2.1.3+ from WordPress.org
6. Deactivate old plugin, upload new version, activate
🔧 Temporary Workarounds
CSRF Protection Headers
Implement Content Security Policy (CSP) headers to restrict cross-origin requests
Add to .htaccess: Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval';"
Add to nginx config: add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval';";
Disable Plugin
Temporarily disable the Radius Blocks plugin until patched
wp plugin deactivate radius-blocks
🧯 If You Can't Patch
- Implement strict SameSite cookie policies for WordPress authentication cookies
- Use browser extensions that block CSRF attempts and educate administrators about phishing risks
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Radius Blocks → Version number. If version is 2.1.2 or earlier, you are vulnerable.
Check Version:
wp plugin get radius-blocks --field=version
Verify Fix Applied:
Verify plugin version is 2.1.3 or later in WordPress admin panel. Test CSRF protection by attempting to submit forms without proper tokens.
📡 Detection & Monitoring
Log Indicators:
- Multiple failed CSRF token validations in WordPress logs
- Unexpected plugin setting changes by authenticated users
- Administrative actions from unusual IP addresses or user agents
Network Indicators:
- POST requests to WordPress admin endpoints without Referer headers or CSRF tokens
- Cross-origin requests to wp-admin URLs
SIEM Query:
source="wordpress.log" AND ("CSRF token" OR "nonce verification failed")
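The network indicators above can be checked against a web server's combined-format access log. The following is an added example, not part of the original advisory or of the plugin; it assumes Apache/nginx combined log lines (constructed below), that the site's own origin is passed in, and that `-` is the empty-Referer placeholder.

```python
import re
from urllib.parse import urlparse

# Combined log format: ip ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Admin endpoints on which plugins commonly receive state-changing POSTs.
ADMIN_PATH_PREFIXES = (
    "/wp-admin/admin-ajax.php",
    "/wp-admin/admin-post.php",
    "/wp-admin/options.php",
)

def find_suspicious_admin_posts(log_lines, site_origin):
    """Return (ip, path, referer, reason) for POSTs to admin endpoints whose
    Referer is missing or points at a different origin than the site itself."""
    site = urlparse(site_origin)
    findings = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m or m["method"] != "POST":
            continue
        if not m["path"].startswith(ADMIN_PATH_PREFIXES):
            continue
        ref = m["referer"]
        if ref in ("", "-"):
            # Weak indicator on its own: referrer policies can strip the header.
            findings.append((m["ip"], m["path"], ref, "missing Referer"))
            continue
        r = urlparse(ref)
        if (r.scheme, r.netloc) != (site.scheme, site.netloc):
            findings.append((m["ip"], m["path"], ref, "cross-origin Referer"))
    return findings

# Constructed sample lines (hypothetical site blog.example, action name is a placeholder).
SAMPLE_LOG = [
    '198.51.100.4 - - [10/Mar/2025:09:12:01 +0000] "POST /wp-admin/admin-ajax.php?action=save_settings HTTP/1.1" 200 512 "https://blog.example/wp-admin/admin.php?page=settings" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2025:09:15:44 +0000] "POST /wp-admin/admin-ajax.php?action=save_settings HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2025:09:16:02 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 0 "http://evil.example/lure.html" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Mar/2025:09:17:30 +0000] "GET /wp-admin/plugins.php HTTP/1.1" 200 8192 "https://blog.example/wp-admin/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_suspicious_admin_posts(SAMPLE_LOG, "https://blog.example"):
        print(hit)
```

A missing Referer alone is a weak signal, so correlate hits with the plugin-setting changes and unusual source addresses listed under Log Indicators before treating them as an incident.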