Platform: wordpress
Component: mamurjor-employee-info
Fixed in: 1.0.1
CVE-2025-13990 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in the Mamurjor Employee Info plugin for WordPress. This flaw allows unauthenticated attackers to manipulate sensitive employee data, including records, departments, and salary information. The vulnerability impacts versions 1.0.0 through 1.0.0 of the plugin, and a fix is expected from the vendor.
The CSRF vulnerability in Mamurjor Employee Info allows an attacker to execute unauthorized actions on a WordPress site if a site administrator is tricked into clicking a malicious link. Specifically, an attacker could create, update, or delete employee records, departments, designations, salary grades, education records, and salary payments. This could lead to data breaches, unauthorized modifications to payroll systems, and potential financial fraud. The impact is amplified if the WordPress site manages sensitive employee data, as the attacker could gain control over critical information and potentially impersonate administrators.
CVE-2025-13990 was publicly disclosed on 2026-01-07. There is currently no indication of active exploitation campaigns targeting this vulnerability. No public proof-of-concept (PoC) code has been released. The vulnerability has not been added to the CISA KEV catalog at the time of writing.
WordPress sites utilizing the Mamurjor Employee Info plugin, particularly those managing sensitive employee data or with limited security controls, are at risk. Shared hosting environments where multiple websites share the same server resources are also at increased risk, as a compromise on one site could potentially impact others.
• wordpress / composer / npm:
  grep -r 'admin.php' /var/www/html/wp-content/plugins/mamurjor-employee-info/
• wordpress / composer / npm:
  wp plugin list --status=inactive | grep mamurjor-employee-info
• wordpress / composer / npm:
  wp plugin list | grep mamurjor-employee-info
disclosure
Exploit status
EPSS: 0.02% (6th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-13990 is to upgrade to a patched version of the Mamurjor Employee Info plugin as soon as it becomes available. Until a patch is released, consider temporary workarounds. One approach is to restrict the plugin's administrative functions to authenticated, authorized users and to enforce strict input validation. Web Application Firewalls (WAFs) can be configured to detect and block malicious CSRF requests. Additionally, educate administrators about the risks of clicking untrusted links and opening suspicious emails. After upgrading, confirm the fix by attempting to create or modify an employee record via the plugin's admin interface and verifying that the action requires proper authentication.
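To make the mitigation concrete, the following is an added, hypothetical WordPress admin-post handler (not the Mamurjor Employee Info plugin's own code) showing the CSRF-prone pattern beside its hardened form; the function names, the `hyp_employee_save` action and the `employee_info` table are assumptions for illustration.

```php
<?php
// Hypothetical handler for an employee-record form. NOT the plugin's real code;
// it contrasts the CSRF-prone pattern with the checks that close the hole.

// --- Vulnerable pattern: every request reaching the handler is acted on. ---
function hypothetical_employee_save_unsafe() {
    global $wpdb;
    $wpdb->insert( $wpdb->prefix . 'employee_info', array(   // assumed table
        'name'   => $_POST['name'],    // no nonce, no capability check, no sanitising
        'salary' => $_POST['salary'],
    ) );
    wp_safe_redirect( admin_url( 'admin.php?page=employee-info' ) );
    exit;
}

// --- Hardened pattern: capability check + nonce + input validation. ---
function hypothetical_employee_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    // Per-user, time-limited token bound to this specific action.
    wp_nonce_field( 'hyp_employee_save', 'hyp_employee_nonce' );
    echo '<input type="hidden" name="action" value="hyp_employee_save">';
    echo '<input name="name"><input name="salary"><button>Save</button></form>';
}

function hypothetical_employee_save_safe() {
    // 1. Only users permitted to manage the site may change payroll data.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    // 2. A cross-site forged request cannot carry a valid nonce for this
    //    action, so check_admin_referer() terminates it here.
    check_admin_referer( 'hyp_employee_save', 'hyp_employee_nonce' );

    // 3. Validate and sanitise every field before it reaches the database.
    $name   = sanitize_text_field( wp_unslash( $_POST['name'] ?? '' ) );
    $salary = absint( $_POST['salary'] ?? 0 );
    if ( '' === $name || 0 === $salary ) {
        wp_die( 'Invalid employee data', '', array( 'response' => 400 ) );
    }

    global $wpdb;
    $wpdb->insert( $wpdb->prefix . 'employee_info',           // assumed table
        array( 'name' => $name, 'salary' => $salary ), array( '%s', '%d' ) );
    wp_safe_redirect( admin_url( 'admin.php?page=employee-info' ) );
    exit;
}
add_action( 'admin_post_hyp_employee_save', 'hypothetical_employee_save_safe' );
```

The post-upgrade check described above maps directly onto steps 1 and 2: a submission without the nonce (or from a user lacking the capability) must be rejected rather than written.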
No known patch available. Please review the vulnerability details carefully and apply mitigations based on your organisation's risk appetite. It may be best to uninstall the affected software and find an alternative.
CVE-2025-13990 is a Cross-Site Request Forgery (CSRF) vulnerability affecting versions 1.0.0–1.0.0 of the Mamurjor Employee Info plugin for WordPress, allowing attackers to forge requests that manipulate employee data.
If you are running the Mamurjor Employee Info plugin, versions 1.0.0–1.0.0, on your WordPress site, you are potentially affected by this CSRF vulnerability.
Upgrade to a patched version of the Mamurjor Employee Info plugin as soon as it's available. Until then, implement workarounds like WAF rules and restrict access to administrative functions.
There is currently no indication of active exploitation campaigns targeting CVE-2025-13990.
Check the Mamurjor Employee Info plugin's official website or WordPress plugin repository for updates and security advisories related to CVE-2025-13990.