Platform
wordpress
Component
simcast
Fixed in
1.0.1
CVE-2025-14077 describes a Cross-Site Request Forgery (CSRF) vulnerability in the Simcast plugin for WordPress. A forged request carries no proof that it was submitted from the plugin's own settings page, so an unauthenticated attacker who can get a logged-in site administrator to open an attacker-controlled page can change the plugin's settings through the administrator's browser and session. Versions 1.0.0 and earlier are affected. The metadata above lists 1.0.1 as the fixed version; when this advisory text was written, a fix was still expected in a future release.
The primary impact is unauthorized modification of the Simcast plugin's settings. An attacker crafts a link, or a hidden auto-submitting form on a site they control; when an administrator with an active WordPress session visits it, the browser sends the forged request together with the administrator's cookies and the plugin applies the change as if the administrator had saved the form. This can cause unexpected behaviour, corrupt the plugin's data, or undermine the integrity of the site. The plugin may not handle sensitive data directly, but a setting an attacker can choose freely can affect other functionality or expose the site to further attacks.
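The handler pattern behind this class of bug, as an added example written for this page (it is not Simcast's code, and the hook name, option name and form field names are assumptions chosen for illustration): the vulnerable version trusts any POST that reaches it, the hardened version requires a capability and a WordPress nonce that an attacker's page cannot read.

```php
<?php
// Added example, not Simcast's code. Hook name, option name and field names are
// assumptions; the WordPress API calls (update_option, check_admin_referer,
// wp_nonce_field, current_user_can, ...) are real core functions.

// --- Vulnerable: any POST that reaches this hook is trusted. A page the admin
// visits elsewhere can auto-submit the form shown below; the browser attaches the
// admin's cookies and nothing proves the request came from the plugin's own UI.
function simcast_save_settings_vulnerable(): void
{
    update_option('simcast_feed_url', $_POST['feed_url'] ?? '');
    wp_safe_redirect(admin_url('options-general.php?page=simcast'));
    exit;
}
// Attacker lure (constructed), served from any host; no authentication needed:
//   <form method="POST" action="https://victim.example/wp-admin/admin-post.php">
//     <input type="hidden" name="action"   value="simcast_save_settings">
//     <input type="hidden" name="feed_url" value="https://attacker.example/feed">
//   </form><script>document.forms[0].submit()</script>

// --- Hardened: capability check plus a nonce bound to the user's session and the
// action name. The lure page cannot read the nonce (same-origin policy), so the
// forged POST fails check_admin_referer() and dies before update_option() runs.
function simcast_save_settings_hardened(): void
{
    if (!current_user_can('manage_options')) {
        wp_die('Insufficient permissions', '', ['response' => 403]);
    }
    check_admin_referer('simcast_save_settings', 'simcast_nonce'); // wp_die()s on failure
    $url = esc_url_raw(wp_unslash($_POST['feed_url'] ?? ''));       // validate, don't trust
    update_option('simcast_feed_url', $url);
    wp_safe_redirect(admin_url('options-general.php?page=simcast&updated=1'));
    exit;
}

// The settings form must emit the matching nonce field for the hardened handler.
function simcast_render_settings_form(): void
{
    ?>
    <form method="post" action="<?php echo esc_url(admin_url('admin-post.php')); ?>">
        <input type="hidden" name="action" value="simcast_save_settings">
        <?php wp_nonce_field('simcast_save_settings', 'simcast_nonce'); ?>
        <input type="url" name="feed_url"
               value="<?php echo esc_attr(get_option('simcast_feed_url', '')); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// admin-post.php dispatches action=simcast_save_settings to this hook for logged-in users.
add_action('admin_post_simcast_save_settings', 'simcast_save_settings_hardened');
```

The capability check and the nonce check are independent: the first stops a low-privilege user from calling the handler directly, the second stops a forged request from a privileged user's browser. A plugin that has only the first is exactly the shape of bug described above.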
This vulnerability was publicly disclosed on 2026-01-07. No public proof-of-concept (PoC) code had been released at the time of writing. The EPSS score is listed in the metadata below. It is not currently listed in the CISA KEV catalog.
Any WordPress site with the Simcast plugin installed and active is exposed; the attack succeeds when an administrator who is logged in to that site opens an attacker-controlled page, so administrators who routinely follow links from untrusted sources raise the likelihood. On shared hosting, a site compromised this way can also serve as a foothold against other sites on the same server, depending on how well the hosting environment isolates tenants.
• wordpress / composer / npm:
# Confirm the installed version from the plugin header (1.0.0 and earlier are affected)
grep -ri 'Version:' /var/www/html/wp-content/plugins/simcast/*.php
# or, with WP-CLI:
wp plugin get simcast --field=version
• generic web:
# Remote fingerprint: a WordPress plugin's public readme.txt carries its "Stable tag";
# a HEAD request cannot tell you whether the settings form is nonce-protected.
curl -s https://your-wordpress-site.com/wp-content/plugins/simcast/readme.txt | grep -i 'stable tag'
Disclosure
Exploit status
EPSS
0.02% (3rd percentile)
CISA SSVC
CVSS vector
The immediate mitigation for CVE-2025-14077 is to disable or remove the Simcast plugin until a patched version is installed. If disabling is not an option, restrict who holds administrator accounts and make administrators aware of the risk of opening untrusted links and forms while logged in. A Web Application Firewall (WAF) with CSRF rules can help, but note its limit: a forged request arrives from the administrator's own browser with valid cookies, so the WAF can only act on request metadata such as a missing or off-site Origin or Referer header. Regularly review the plugin's settings for unauthorized changes and monitor the web-server and WordPress logs for unusual activity related to the Simcast plugin.
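The log check suggested above, as an added example that is not part of the advisory or of the Simcast plugin: it scans an access log in Apache/nginx "combined" format for state-changing admin POSTs whose Referer is missing or points off-site, which is the shape a CSRF-forged settings save takes. The site hostname and the assumption that the plugin's form submits to one of WordPress core's admin entry points are both assumptions; the log lines are constructed.

```php
<?php
// Added example (not the advisory's or the plugin's code). Flags POSTs to WordPress
// core admin entry points whose Referer is absent or from another host. Which entry
// point Simcast's settings form uses is an assumption, as is SITE_HOST.

const SITE_HOST = 'your-wordpress-site.com';
const ADMIN_POST_ENDPOINTS = [
    '/wp-admin/options.php',
    '/wp-admin/admin-post.php',
    '/wp-admin/admin-ajax.php',
];

// Constructed sample lines, not real traffic: a legitimate settings save, a forged
// POST with an off-site Referer, a forged POST with the Referer stripped, and noise.
$sampleLog = <<<'LOG'
203.0.113.5 - - [07/Jan/2026:10:01:02 +0000] "POST /wp-admin/options.php HTTP/1.1" 302 0 "https://your-wordpress-site.com/wp-admin/options-general.php?page=simcast" "Mozilla/5.0"
203.0.113.5 - - [07/Jan/2026:10:05:44 +0000] "POST /wp-admin/options.php HTTP/1.1" 302 0 "https://attacker.example/lure.html" "Mozilla/5.0"
203.0.113.5 - - [07/Jan/2026:10:06:10 +0000] "POST /wp-admin/admin-post.php?action=simcast_save_settings HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [07/Jan/2026:10:07:00 +0000] "GET /wp-content/plugins/simcast/readme.txt HTTP/1.1" 200 1532 "-" "curl/8.0"
LOG;

/** Parse one combined-format line into its fields, or null if it does not match. */
function parse_combined_line(string $line): ?array
{
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"$/';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    return [
        'ip' => $m[1], 'time' => $m[2], 'method' => $m[3], 'path' => $m[4],
        'status' => (int) $m[5], 'referer' => $m[6], 'ua' => $m[7],
    ];
}

/** Return a reason string if the request looks like a forged admin POST, else null. */
function classify_request(array $r): ?string
{
    if ($r['method'] !== 'POST') {
        return null;
    }
    $path = strtok($r['path'], '?');          // drop the query string before matching
    if (!in_array($path, ADMIN_POST_ENDPOINTS, true)) {
        return null;
    }
    if ($r['referer'] === '-' || $r['referer'] === '') {
        return 'missing-referer';             // Referrer-Policy can strip it; review, don't auto-block
    }
    $host = parse_url($r['referer'], PHP_URL_HOST);
    if (!is_string($host) || strcasecmp($host, SITE_HOST) !== 0) {
        return 'offsite-referer';
    }
    return null;
}

/** Scan a whole log and return [reason, parsed record] pairs for suspicious lines. */
function scan_log(string $log): array
{
    $hits = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        $r = parse_combined_line($line);
        if ($r !== null && ($why = classify_request($r)) !== null) {
            $hits[] = [$why, $r];
        }
    }
    return $hits;
}

foreach (scan_log($sampleLog) as [$why, $r]) {
    printf("%-16s %s %s %s ip=%s referer=%s\n",
        $why, $r['time'], $r['method'], $r['path'], $r['ip'], $r['referer']);
}
```

Run it with `php scan.php` after pointing `$sampleLog` at a real file (`file_get_contents('/var/log/nginx/access.log')`). The Referer is a weak signal: privacy tools and a strict Referrer-Policy remove it from legitimate saves too, so treat `missing-referer` hits as review items rather than alerts. Browsers do send an `Origin` header on cross-site POSTs, which is the better indicator, but it is not in the default combined log format; if you can add it to your log format, compare it against the site origin the same way. Pair the log review with a diff of the plugin's options against a known-good export, since the forged request leaves no other trace in WordPress itself.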
No known patch available. Review the details of the vulnerability carefully and apply mitigations based on your organization's risk appetite. It may be best to uninstall the affected software and find an alternative.
CVE-2025-14077 is a Cross-Site Request Forgery (CSRF) vulnerability in the Simcast WordPress plugin, allowing attackers to modify plugin settings via forged requests.
If you are using Simcast plugin version 1.0.0 or earlier, you are potentially affected by this vulnerability.
Upgrade to a patched version of the Simcast plugin as soon as it becomes available. Until then, disable or remove the plugin.
There are currently no confirmed reports of active exploitation, but the vulnerability is publicly known.
Check the Simcast plugin's official website or WordPress plugin repository for updates and advisories related to CVE-2025-14077.