CVE-2025-28887
📋 TL;DR
A Cross-Site Request Forgery (CSRF) vulnerability in the WordPress 'Plugins Last Updated Column' plugin allows attackers to trick authenticated administrators into performing unintended actions. This affects WordPress sites using the plugin versions 0.1.3 and earlier. The vulnerability requires an administrator to be tricked into clicking a malicious link while authenticated.
💻 Affected Systems
- WordPress Plugins Last Updated Column plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker could trick an administrator into deactivating security plugins, changing user roles, or modifying critical WordPress settings, potentially leading to site compromise.
Likely Case
Attackers could trick administrators into changing plugin settings, installing malicious plugins, or modifying user permissions without their knowledge.
If Mitigated
With proper CSRF protections and user awareness, the risk is limited to unsuccessful exploitation attempts.
🎯 Exploit Status
CSRF attacks typically require social engineering to trick authenticated users. No public exploit code is known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.1.4 or later
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Plugins Last Updated Column'. 4. Click 'Update Now' if available, or delete and reinstall latest version from WordPress repository.
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily disable the plugin until patched version is available
wp plugin deactivate plugins-last-updated-column
Implement CSRF protection headers
linuxAdd security headers to WordPress to help prevent CSRF attacks
Add to .htaccess: Header set X-Frame-Options "SAMEORIGIN"
Add to .htaccess: Header set Content-Security-Policy "frame-ancestors 'self'"
🧯 If You Can't Patch
- Implement strict SameSite cookie policies for WordPress authentication cookies
- Use browser extensions that block CSRF attempts and educate administrators about phishing risks
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for 'Plugins Last Updated Column' version 0.1.3 or earlierCheck Version:
wp plugin get plugins-last-updated-column --field=versionVerify Fix Applied:
Verify plugin version is 0.1.4 or later in WordPress admin panel📡 Detection & Monitoring
Log Indicators:
- Multiple failed CSRF token validations in WordPress logs
- Unexpected plugin activation/deactivation events by administrators
Network Indicators:
- POST requests to wp-admin without proper referrer headers
- Suspicious iframe or form submissions targeting wp-admin
SIEM Query:
source="wordpress.log" AND ("CSRF token" OR "nonce verification failed")