Platform
wordpress
Component
pardakht-delkhah
Fixed in
3.0.1
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Pardakht Delkhah WordPress plugin, affecting versions 0 through 3.0.0 inclusive. It allows an attacker to make an authenticated user's browser submit requests the user never intended, which can lead to unauthorized changes to the site or to the data the plugin manages. The vulnerability was publicly disclosed on December 31, 2025, and is fixed in version 3.0.1.
The CSRF vulnerability in Pardakht Delkhah lets an attacker trigger actions on behalf of a logged-in user without that user's knowledge or consent: the affected versions process a state-changing request without adequately verifying that it originated from the site itself (in WordPress this is normally done with a nonce check). Depending on which plugin actions lack that verification, this could mean modifying user profiles or changing plugin settings. Exploitation requires a victim who is authenticated to WordPress to visit an attacker-controlled page or click a crafted link; the browser attaches the session cookie automatically, so no credentials are needed. The impact scales with the victim's privileges: any user with access to the WordPress admin panel is a potential target, and an administrator tricked this way can be made to perform anything the vulnerable action allows.
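The following is an added example, not code from the Pardakht Delkhah plugin or from this advisory. It shows the class of defect described above in a minimal admin-ajax.php handler that saves a plugin setting, first in a CSRF-prone form and then hardened with the WordPress nonce and capability checks. The hook names, option name and the "gateway_url" field are hypothetical.

```php
<?php
// Added example (not the plugin's code). Demonstrates a CSRF-prone WordPress
// AJAX handler and its hardened counterpart. All names are hypothetical.

// --- Vulnerable pattern: the handler assumes the request came from its own
// settings screen. Any page a logged-in admin visits can POST here, because the
// browser sends the WordPress auth cookie with the request automatically.
function pd_example_save_settings_vulnerable() {
    $gateway_url = isset( $_POST['gateway_url'] ) ? $_POST['gateway_url'] : '';
    update_option( 'pd_example_gateway_url', $gateway_url );
    wp_send_json_success();
}
add_action( 'wp_ajax_pd_example_save_settings_vulnerable', 'pd_example_save_settings_vulnerable' );

// --- Hardened pattern. The settings screen embeds a nonce bound to the action
// and to the current user; the handler verifies it, then checks authority.
function pd_example_render_settings_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-ajax.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="pd_example_save_settings">';
    // Emits a hidden "_ajax_nonce" field, the name check_ajax_referer() looks for.
    wp_nonce_field( 'pd_example_save_settings', '_ajax_nonce' );
    echo '<input type="url" name="gateway_url" value="'
        . esc_attr( get_option( 'pd_example_gateway_url', '' ) ) . '">';
    echo '<button type="submit">Save</button></form>';
}

function pd_example_save_settings() {
    // 1. Nonce: a cross-site page cannot read this per-user secret, so a forged
    //    request fails here. check_ajax_referer() terminates the request with
    //    HTTP 403 when the nonce is missing or invalid.
    check_ajax_referer( 'pd_example_save_settings', '_ajax_nonce' );

    // 2. Capability: a nonce proves intent, not authority. Without this check a
    //    low-privileged user could obtain their own valid nonce and change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    // 3. Validate and sanitize before persisting.
    $gateway_url = isset( $_POST['gateway_url'] )
        ? esc_url_raw( wp_unslash( $_POST['gateway_url'] ) )
        : '';
    if ( '' === $gateway_url || ! wp_http_validate_url( $gateway_url ) ) {
        wp_send_json_error( 'invalid gateway url', 400 );
    }

    update_option( 'pd_example_gateway_url', $gateway_url );
    wp_send_json_success();
}
add_action( 'wp_ajax_pd_example_save_settings', 'pd_example_save_settings' );
```

The nonce and the capability check address different failures: the first stops a request the user did not intend, the second stops a request the user is not allowed to make. Handlers that check only one of them remain exploitable in the other direction.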
No public proof-of-concept (PoC) had been released as of the disclosure date, but CSRF is a well-understood class of flaw, and once the vulnerable action and its parameters are known, an exploit page is trivial to build. The vulnerability is not listed in CISA KEV, no active exploitation has been reported, and its EPSS score is 0.01%. Exploitation does require a victim who is logged in to WordPress with sufficient privileges to open attacker-controlled content, which limits mass exploitation compared with unauthenticated flaws, but given the low cost of building an exploit and the wide deployment of WordPress plugins, sites should not wait for evidence of attacks before updating.
WordPress websites running Pardakht Delkhah versions 0 through 3.0.0 are at risk. Because CSRF rides on the victim's existing session rather than on stolen credentials, strong passwords and multi-factor authentication do not prevent it; what matters is how many accounts hold privileges the vulnerable actions require, and whether those users browse untrusted sites while logged in to wp-admin. Sites that do not apply plugin updates promptly remain exposed for longer.
• wordpress / composer / npm:
grep -r 'omidshamloo/pardakht-delkhah' /var/www/html/wp-content/plugins/
wp plugin list | grep pardakht-delkhah
wp plugin get pardakht-delkhah --field=version
• generic web (only works if the plugin's readme.txt is web-accessible; "your-wordpress-site.com" is a placeholder):
curl -s https://your-wordpress-site.com/wp-content/plugins/pardakht-delkhah/readme.txt | grep -i '^Stable tag'
Any version reported as 3.0.0 or lower is affected.
Disclosure
Exploit status
EPSS
0.01% (0th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-62101 is to update the Pardakht Delkhah plugin to version 3.0.1 or later. If an immediate update is not feasible because of compatibility concerns, a WAF or web server rule can reject state-changing requests to admin-ajax.php and admin-post.php whose Origin or Sec-Fetch-Site header shows they were initiated by another site; this is a compensating control, not a fix, since it depends on browser-supplied headers. A Content Security Policy does not prevent CSRF, because the forged request is sent by the victim's browser from the attacker's page, not by script running on the vulnerable site. Reduce the impact in the meantime by limiting the number of accounts that can change plugin settings and by having administrators log out of wp-admin before browsing untrusted sites, since a forged request only succeeds while the victim's session cookie is valid.
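The compensating control described above, as an added example that is not part of the plugin or of this advisory: a must-use plugin (dropped into wp-content/mu-plugins/) that rejects state-changing requests to admin-ajax.php and admin-post.php when the request's Fetch Metadata or Origin/Referer headers identify a cross-site source. The function names are hypothetical; the behaviour relies only on standard WordPress APIs.

```php
<?php
/**
 * Plugin Name: Cross-site request guard (added example, not part of Pardakht Delkhah)
 *
 * Temporary, site-wide compensating control for CSRF while a vulnerable plugin
 * is being updated. Blocks POST/PUT/PATCH/DELETE requests to admin-ajax.php and
 * admin-post.php that browsers mark as cross-site.
 */

function pd_example_is_cross_site_request( array $server ) : bool {
    // Only state-changing methods matter for this class of CSRF.
    $method = strtoupper( $server['REQUEST_METHOD'] ?? 'GET' );
    if ( ! in_array( $method, [ 'POST', 'PUT', 'PATCH', 'DELETE' ], true ) ) {
        return false;
    }

    // Modern browsers send Sec-Fetch-Site; "cross-site" is exactly the CSRF case.
    if ( 'cross-site' === strtolower( $server['HTTP_SEC_FETCH_SITE'] ?? '' ) ) {
        return true;
    }

    // Fallback for browsers without Fetch Metadata: compare the Origin (or the
    // Referer host) with the site's own host. Requests carrying neither header
    // are allowed through so that WP-CLI, cron and other non-browser clients keep
    // working; this is a deliberate fail-open for non-browser traffic.
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    if ( '' === $source ) {
        return false;
    }
    $own_host    = strtolower( (string) wp_parse_url( home_url(), PHP_URL_HOST ) );
    $source_host = strtolower( (string) wp_parse_url( $source, PHP_URL_HOST ) );
    return $source_host !== $own_host;
}

function pd_example_block_cross_site_admin_requests() {
    $script = basename( $_SERVER['SCRIPT_NAME'] ?? '' );
    if ( ! in_array( $script, [ 'admin-ajax.php', 'admin-post.php' ], true ) ) {
        return;
    }
    if ( pd_example_is_cross_site_request( $_SERVER ) ) {
        status_header( 403 );
        // Log the blocked action for investigation; do not echo attacker-controlled
        // headers back to the client.
        error_log( sprintf(
            'pd_example: blocked cross-site %s to %s action=%s',
            $_SERVER['REQUEST_METHOD'] ?? '',
            $script,
            sanitize_key( $_POST['action'] ?? '' )
        ) );
        exit;
    }
}
// "init" fires before admin-ajax.php dispatches wp_ajax_* actions.
add_action( 'init', 'pd_example_block_cross_site_admin_requests', 0 );
```

Two caveats before deploying this: it will also block legitimate cross-origin POSTs to admin-ajax.php (for example a front-end form embedded on another domain that this site intentionally serves), and it cannot protect sessions of browsers that strip or omit the Origin and Referer headers. Remove it once the plugin is updated rather than relying on it as the long-term fix.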
A fixed release (3.0.1) is available; update to it as soon as possible. If you cannot update, review the vulnerability's details in depth and apply mitigations based on your organization's risk tolerance, or uninstall the affected plugin and find a replacement.
CVE-2025-62101 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Pardakht Delkhah WordPress plugin, allowing attackers to perform unauthorized actions.
You are affected if you are using Pardakht Delkhah plugin versions 0 through 3.0.0. Check your plugin versions and update immediately.
Upgrade the Pardakht Delkhah plugin to a version containing the security fix. Consider WAF rules as a temporary mitigation if upgrading is not immediately possible.
There are currently no confirmed reports of active exploitation and the EPSS score is 0.01%, but the vulnerability is cheap to exploit against a logged-in user and may become a target.
Refer to the Pardakht Delkhah plugin repository or the WordPress plugin directory for official advisories and updates related to CVE-2025-62101.