Platform
wordpress
Component
munk-sites
Fixed in
1.0.8
A Cross-Site Request Forgery (CSRF) vulnerability exists in MetricThemes Munk Sites, a WordPress plugin. This flaw allows attackers to perform unauthorized actions on a user's account without their knowledge. Versions of Munk Sites from 0.0.0 through 1.0.7 are affected. A patch is available in version 1.0.8.
A CSRF attack works by luring a logged-in WordPress user, typically an administrator, to a page or link under the attacker's control; the victim's browser then issues a state-changing request to the plugin with the user's session cookies attached, and the affected endpoints process it without proof that it originated from the plugin's own forms. In the Munk Sites case this could mean modifying site settings, creating or deleting content, or performing other administrative tasks as if the user had initiated them, with a corresponding loss of integrity of the site's configuration and data. Because the actions run with the victim's privileges, tricking an administrator can amount to compromise of the whole WordPress site.
This vulnerability was publicly disclosed on 2025-02-07. No active exploitation campaigns have been confirmed and no public proof of concept is known at the time of writing. The advisory rates the issue critical; bear in mind that a CVSS score describes impact, not likelihood, and the EPSS estimate listed below (0.74%, 73rd percentile) is the better indicator of near-term exploitation probability. Monitor security advisories and threat intelligence feeds for signs of exploitation.
Websites running the MetricThemes Munk Sites plugin are at risk, above all those whose administrators stay logged in while browsing other sites or opening e-mail links, since that is the precondition for a CSRF attack. On shared hosting, where several sites run on the same server resources, a compromise of one site may in turn expose others.
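To find out whether a site is affected, check the version recorded in the plugin's own header rather than grepping for file paths. The following script is an added example, not part of the original advisory or of the plugin; it assumes the standard WordPress layout (wp-content/plugins/munk-sites/) and the usual "Version:" header line in the plugin's main PHP file, and treats anything below 1.0.8 as vulnerable.

```sh
#!/bin/sh
# Added example (not the plugin's or the advisory's own code): report whether the
# installed Munk Sites plugin is below the fixed release 1.0.8 (CVE-2025-25101).
# Assumes wp-content/plugins/munk-sites/<main>.php carries a " * Version: x.y.z" header.

FIXED_VERSION="1.0.8"

# Print the version declared in a plugin directory's header, or nothing if absent.
plugin_version() {
    dir="$1"
    grep -h -m1 -E '^[[:space:]]*\*?[[:space:]]*Version:' "$dir"/*.php 2>/dev/null \
        | head -n1 | sed -E 's/.*Version:[[:space:]]*//; s/[[:space:]]*$//'
}

# Return 0 if dotted version $1 is strictly lower than $2 (no dependency on sort -V).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            ai = (i <= na) ? x[i] + 0 : 0
            bi = (i <= nb) ? y[i] + 0 : 0
            if (ai < bi) exit 0
            if (ai > bi) exit 1
        }
        exit 1
    }'
}

# Return 0 (vulnerable) if munk-sites is installed under plugins dir $1 at a version
# below FIXED_VERSION, 1 if patched, 2 if not installed or no version header found.
munk_sites_vulnerable() {
    dir="$1/munk-sites"
    [ -d "$dir" ] || return 2
    v="$(plugin_version "$dir")"
    [ -n "$v" ] || return 2
    if version_lt "$v" "$FIXED_VERSION"; then
        echo "munk-sites $v is VULNERABLE to CVE-2025-25101 (fixed in $FIXED_VERSION)"
        return 0
    fi
    echo "munk-sites $v is patched"
    return 1
}

# Usage: sh check-munk-sites.sh /var/www/html/wp-content/plugins
if [ $# -gt 0 ]; then
    munk_sites_vulnerable "$1"
    exit $?
fi
```

The exit code makes the script usable from a fleet inventory job: 0 means patch now, 1 means already fixed, 2 means the plugin is not present in that install.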
• wordpress / composer / npm:
grep -r 'munk-sites/includes/class-munk-sites-admin.php' . | grep -i 'wp_send_json'
• generic web:
curl -I https://example.com/munk-sites/admin/ | grep -i 'csrf-token'
Disclosure
Exploit status
EPSS
0.74% (73rd percentile)
CISA SSVC
CVSS vector
The primary mitigation is to upgrade the Munk Sites plugin to version 1.0.8 or later, which contains the fix. If an immediate upgrade is not possible, a temporary workaround is to add the standard WordPress request-origin check (a nonce, emitted with wp_nonce_field() and verified with check_admin_referer() or check_ajax_referer()) to every state-changing handler in the plugin, together with a current_user_can() capability check. A Web Application Firewall can be configured to drop requests to the plugin's endpoints whose Origin or Referer header does not match the site, which blocks the common cross-site form submission but is only a stopgap, not a substitute for the nonce check. Review WordPress plugin security practices regularly to reduce the risk of future CSRF issues.
Update the Munk Sites plugin to the latest available version to mitigate the CSRF vulnerability. The update closes the possibility of an attacker executing unauthorized actions on your WordPress site through forged requests. Back up your site before updating.
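As an illustration of the fix described above (added here; this is not the plugin's own code, and the handler, option and nonce names are hypothetical), here is a typical WordPress admin-ajax handler that is open to CSRF, followed by the same handler protected with a nonce and a capability check:

```php
<?php
// Added illustration (not the Munk Sites plugin's own code): a WordPress admin-ajax
// handler without request-origin checks, and the hardened replacement. The hook,
// function, option and nonce names are hypothetical.

// BEFORE (was hooked to 'wp_ajax_example_save_settings'): any request that reaches this
// action while the victim is logged in is honoured. A page under attacker control can
// auto-submit a form to admin-ajax.php; the browser attaches the victim's WordPress
// cookies and the setting changes without the victim's knowledge.
function example_save_settings_unsafe() {
    update_option( 'example_site_title', sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) ) );
    wp_send_json_success();
}

// AFTER: the request must carry a nonce that only a page rendered by this site for this
// user contains, and the caller must actually be allowed to change settings.
add_action( 'wp_ajax_example_save_settings', 'example_save_settings_safe' );
function example_save_settings_safe() {
    // Dies with HTTP 403 if the 'nonce' field is missing, expired or not issued for this action.
    check_ajax_referer( 'example_save_settings', 'nonce' );

    // CSRF protection is not authorisation: a subscriber with a valid nonce must still be refused.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    update_option( 'example_site_title', sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) ) );
    wp_send_json_success();
}

// The settings page must emit the matching nonce so legitimate submissions pass the check.
function example_render_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-ajax.php' ) ); ?>">
        <input type="hidden" name="action" value="example_save_settings">
        <?php wp_nonce_field( 'example_save_settings', 'nonce' ); ?>
        <input type="text" name="title">
        <button type="submit">Save</button>
    </form>
    <?php
}
```

For classic admin-post.php or options-page handlers, check_admin_referer() plays the same role as check_ajax_referer(). The two checks answer different questions: the nonce proves the request came from a form the site itself rendered for this user, the capability check proves the user may perform the action. A missing capability check is an authorization bug even when the nonce is present.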
CVE-2025-25101 is a critical Cross-Site Request Forgery (CSRF) vulnerability affecting versions 0.0.0–1.0.7 of the MetricThemes Munk Sites WordPress plugin, allowing attackers to perform unauthorized actions.
You are affected if you are using the Munk Sites plugin in versions 0.0.0 through 1.0.7. Upgrade to 1.0.8 or later to mitigate the risk.
Upgrade the Munk Sites plugin to version 1.0.8 or later. If upgrading is not possible, put a WAF rule in front of the plugin's endpoints that rejects cross-origin state-changing requests, bearing in mind that this is a stopgap rather than a fix.
No public exploits are currently known, but CSRF is cheap to exploit: an attacker needs only to get a logged-in user to visit a crafted page. Monitor your site closely.
Refer to the MetricThemes website or WordPress plugin repository for the official advisory and update information.