CVE-2025-27335
📋 TL;DR
This CSRF vulnerability in the WordPress Auto Tag Links plugin allows attackers to trick authenticated administrators into performing unintended actions. It affects WordPress sites using the Auto Tag Links plugin versions up to 1.0.13. Attackers could modify plugin settings or perform other administrative actions without the victim's knowledge.
💻 Affected Systems
- WordPress Auto Tag Links plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could reconfigure the plugin to inject malicious content, modify site settings, or chain with other vulnerabilities to gain full site control.
Likely Case
Attackers trick administrators into changing plugin settings, potentially disrupting site functionality or injecting unwanted content.
If Mitigated
With proper CSRF protections and user awareness, exploitation attempts fail or have minimal impact.
🎯 Exploit Status
CSRF attacks typically require social engineering to trick authenticated users into clicking malicious links.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.0.14 or later
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find 'Auto Tag Links' and click 'Update Now'. 4. Verify version is 1.0.14 or higher.
🔧 Temporary Workarounds
Disable plugin
allTemporarily disable the vulnerable plugin until patched
wp plugin deactivate auto-tag-links
Implement CSRF protection
allAdd CSRF tokens to WordPress forms using security plugins
🧯 If You Can't Patch
- Restrict admin access to trusted networks only
- Implement strict SameSite cookie policies and Content Security Policy headers
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Auto Tag Links version. If version is 1.0.13 or lower, you are vulnerable.Check Version:
wp plugin get auto-tag-links --field=versionVerify Fix Applied:
After updating, confirm version shows 1.0.14 or higher in WordPress plugins list.📡 Detection & Monitoring
Log Indicators:
- Multiple failed admin actions from same IP
- Unexpected plugin configuration changes
Network Indicators:
- POST requests to wp-admin/admin-ajax.php without referrer headers
- Cross-origin requests to plugin endpoints
SIEM Query:
source="wordpress.log" AND ("auto-tag-links" OR "admin-ajax.php") AND status=200 AND referrer="-"