Platform: wordpress
Component: imaq-core
Fixed in: 1.2.2
CVE-2025-13363 describes a Cross-Site Request Forgery (CSRF) vulnerability affecting the IMAQ CORE plugin for WordPress. This flaw allows unauthenticated attackers to modify the plugin's URL structure settings by tricking an administrator into performing a malicious action. The vulnerability impacts versions 1.0.0 through 1.2.1, and a patch is expected to be released by the vendor.
A successful CSRF attack could allow an attacker to manipulate the IMAQ CORE plugin's configuration without authentication. This could lead to unexpected behavior on the website, potentially impacting SEO, redirecting users to malicious sites, or altering the plugin's functionality. The attacker needs to craft a malicious request and entice a site administrator to execute it, typically through a crafted link or form. The blast radius is limited to the impact of the plugin's altered settings, but could still cause significant disruption to a WordPress site.
This vulnerability was publicly disclosed on 2025-12-12. No public proof-of-concept (PoC) code has been released at the time of writing, but the relatively simple nature of CSRF vulnerabilities suggests a PoC could emerge quickly. The vulnerability is not currently listed in the CISA KEV catalog. Exploitation probability is considered medium due to the ease of CSRF exploitation and the plugin's potential user base.
WordPress websites using the IMAQ CORE plugin, particularly those with multiple administrators or shared hosting environments, are at risk. Sites where administrators frequently click on links from untrusted sources are also more vulnerable.
• wordpress / composer / npm:
grep -r "IMAQ CORE" /var/www/html/wp-content/plugins/
wp plugin list | grep -i "imaq-core"
• generic web:
curl -sI "https://example.com/wp-admin/admin-ajax.php?action=update_url_structure&new_url=https://evil.com" | grep -i "200"
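To check an install against the affected range this page states (1.0.0 through 1.2.1, fixed in 1.2.2), the following added example, which is not from the original page or the plugin vendor, reads the version from the plugin header instead of matching on the plugin name. It assumes the plugin directory is named imaq-core and carries the standard WordPress "Version:" header; the function names are illustrative.

```shell
#!/bin/sh
# Added example: report whether an installed imaq-core falls in the affected range.
# Assumptions: plugin directory is named "imaq-core" (the component slug) and a
# PHP file in it carries the standard WordPress header line "Version: x.y.z".

AFFECTED_MIN="1.0.0"  # first affected version, from the advisory
FIXED_IN="1.2.2"      # first fixed version, from the advisory

# version_lt A B: succeed when dotted version A is strictly lower than B.
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    for (i = 1; i <= (n > m ? n : m); i++) {
      if (x[i] + 0 < y[i] + 0) exit 0
      if (x[i] + 0 > y[i] + 0) exit 1
    }
    exit 1  # equal versions are not "lower"
  }'
}

# is_affected V: succeed when AFFECTED_MIN <= V < FIXED_IN.
is_affected() {
  ! version_lt "$1" "$AFFECTED_MIN" && version_lt "$1" "$FIXED_IN"
}

# plugin_version DIR: print the first "Version:" header value in DIR/*.php.
plugin_version() {
  grep -hiE '^[[:space:]*]*Version:' "$1"/*.php 2>/dev/null | head -n 1 |
    sed -E 's/^[^:]*:[[:space:]]*//; s/[[:space:]]+$//'
}

# check_site WP_ROOT: print not-installed, unknown-version, affected V or not-affected V.
check_site() {
  dir="$1/wp-content/plugins/imaq-core"
  [ -d "$dir" ] || { echo "not-installed"; return 0; }
  ver="$(plugin_version "$dir")"
  [ -n "$ver" ] || { echo "unknown-version"; return 0; }
  if is_affected "$ver"; then echo "affected $ver"; else echo "not-affected $ver"; fi
}

# Usage: sh check_imaq.sh /var/www/html
if [ "$#" -ge 1 ]; then check_site "$1"; fi
```

Run it with the WordPress root as the only argument; an "unknown-version" result means the directory exists but no version header was found and the install needs a manual look.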
Exploit status
EPSS: 0.02% (3% percentile)
The primary mitigation for CVE-2025-13363 is to upgrade to a patched version of the IMAQ CORE plugin as soon as it becomes available. Until a patch is released, consider implementing stricter access controls for administrators, such as requiring multi-factor authentication (MFA). Web Application Firewalls (WAFs) configured to detect and block CSRF attacks can provide an additional layer of defense. Review WordPress user roles and permissions to ensure administrators only have the necessary privileges. After upgrading, verify the plugin's URL structure settings have not been altered.
No known patch available. Please review the details of the vulnerability and apply mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVE-2025-13363 is a Cross-Site Request Forgery (CSRF) vulnerability in the IMAQ CORE WordPress plugin, allowing attackers to modify settings via forged requests.
You are affected if your WordPress site uses the IMAQ CORE plugin in versions 1.0.0 through 1.2.1.
Upgrade to the latest version of the IMAQ CORE plugin as soon as a patch is released. Implement stricter administrator access controls as a temporary measure.
There is no confirmed active exploitation at this time, but the vulnerability's nature suggests potential for exploitation.
Check the IMAQ CORE plugin's official website or WordPress plugin repository for updates and advisories.