CVE-2025-64262
📋 TL;DR
This CSRF vulnerability in the WordPress Auto Prune Posts plugin allows attackers to trick authenticated administrators into performing unintended actions, such as deleting posts or changing plugin settings. It affects all WordPress sites using Auto Prune Posts version 3.0.0 or earlier. Attackers can exploit this by luring administrators to malicious web pages.
💻 Affected Systems
- WordPress Auto Prune Posts plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete content loss through mass post deletion, plugin misconfiguration leading to site disruption, or privilege escalation if combined with other vulnerabilities.
Likely Case
Unauthorized deletion of posts or modification of plugin settings, potentially disrupting site content management.
If Mitigated
No impact if proper CSRF protections are implemented or if administrators avoid clicking suspicious links.
🎯 Exploit Status
CSRF attacks are well-understood and easy to weaponize. Exploitation requires social engineering to lure administrators.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: > 3.0.0
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find Auto Prune Posts and click 'Update Now' if available.
4. If no update is available, deactivate and delete the plugin, then install the latest version from the WordPress repository.
🔧 Temporary Workarounds
Implement CSRF tokens manually
Add nonce verification to plugin forms and actions
Requires modifying plugin PHP files to include wp_nonce_field() and wp_verify_nonce() calls
Use browser CSRF protection extensions
Install browser extensions that detect and block CSRF attempts
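The nonce workaround above, shown as an added example (this is not the Auto Prune Posts plugin's own code): a minimal admin-post.php handler first in the unprotected shape that CSRF abuses, then hardened with wp_nonce_field() / wp_verify_nonce() plus a capability check. The action names, option key and form page are hypothetical.

```php
<?php
// Added example, not code from the Auto Prune Posts plugin. The action
// names 'example_prune_settings*' and the option key are hypothetical.

// --- Unprotected pattern: trusts any POST that reaches admin-post.php ---
add_action( 'admin_post_example_prune_settings_unsafe', function () {
    // Any request carrying the admin's session cookie is honoured, so a
    // form auto-submitted from another site can change the setting.
    update_option( 'example_prune_max_age_days', absint( $_POST['max_age_days'] ?? 0 ) );
    wp_safe_redirect( admin_url( 'options-general.php?page=example-prune' ) );
    exit;
} );

// --- Hardened pattern: the form emits a nonce, the handler verifies it ---
function example_prune_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_prune_settings">
        <?php wp_nonce_field( 'example_prune_settings', 'example_prune_nonce' ); ?>
        <label>Max post age (days)
            <input type="number" name="max_age_days" min="1">
        </label>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

add_action( 'admin_post_example_prune_settings', function () {
    // 1. Only users allowed to manage options may reach this branch.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    // 2. The nonce must match the action the form was rendered for. A
    //    cross-site request cannot know the per-user, time-limited value,
    //    so the check fails and nothing is changed.
    $nonce = isset( $_POST['example_prune_nonce'] )
        ? sanitize_text_field( wp_unslash( $_POST['example_prune_nonce'] ) )
        : '';
    if ( ! wp_verify_nonce( $nonce, 'example_prune_settings' ) ) {
        wp_die( 'Invalid request (nonce check failed)', '', array( 'response' => 403 ) );
    }
    // 3. Only then act on the (sanitised) input.
    update_option( 'example_prune_max_age_days', absint( $_POST['max_age_days'] ?? 0 ) );
    wp_safe_redirect( admin_url( 'options-general.php?page=example-prune&updated=1' ) );
    exit;
} );
```

The same nonce-plus-capability pair belongs on every state-changing action the plugin exposes (post deletion included), not only on the settings form.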
🧯 If You Can't Patch
- Deactivate the Auto Prune Posts plugin immediately
- Implement strict access controls and educate administrators about CSRF risks
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Auto Prune Posts for version number. If version is 3.0.0 or lower, you are vulnerable.
Check Version:
wp plugin list --name=auto-prune-posts --field=version (if WP-CLI is installed)
Verify Fix Applied:
After updating, verify the plugin version is greater than 3.0.0 in the WordPress plugins list.
📡 Detection & Monitoring
Log Indicators:
- Unexpected POST requests to /wp-admin/admin-post.php with auto-prune-posts actions
- Multiple post deletions from single administrator session
Network Indicators:
- Admin requests whose Referer header points to an external domain
SIEM Query:
source="wordpress.log" AND (uri_path="/wp-admin/admin-post.php" AND query_string="action=auto_prune_posts_*") AND NOT referer_domain="yourdomain.com"