Platform: wordpress
Component: feather-login-page
Fixed in: 1.1.8
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the PluginOps Feather Login Page WordPress plugin. This flaw allows an attacker to trick authenticated users into performing actions they did not intend to, potentially compromising their accounts or website settings. The vulnerability affects versions from 0 up to and including 1.1.7. A patch is available, requiring users to update to a fixed version.
The CSRF vulnerability in Feather Login Page allows attackers to execute actions on behalf of authenticated users without their knowledge. This could involve changing user passwords, modifying website configurations, or even installing malicious plugins. Successful exploitation hinges on the attacker’s ability to craft a malicious request and lure a victim into clicking it, often through phishing techniques or compromised websites. The blast radius is limited to the scope of actions a user can perform within the WordPress admin interface, but the consequences can be severe if an administrator account is compromised.
As of the publication date (2025-12-22), there is no indication of active exploitation of CVE-2025-62107. No public proof-of-concept (POC) code has been released. The vulnerability is currently listed with a MEDIUM severity rating based on the CVSS score. It is not listed on the CISA KEV catalog.
Websites using the PluginOps Feather Login Page plugin, particularly those with shared hosting environments or those that haven't implemented robust security practices, are at risk. Administrators who frequently use the plugin and are susceptible to phishing attacks are also a high-risk group.
• wordpress / plugin: `wp plugin list --fields=name,status,version | grep feather-login-page` (lists the plugin with its installed version whether it is active or inactive)
• wordpress / plugin: Check the plugin version in the WordPress admin dashboard.
• wordpress / plugin: Review WordPress access logs for suspicious requests originating from external sources targeting the plugin's admin endpoints.
• wordpress / plugin: Examine the plugin's codebase for any missing or inadequate CSRF tokens (nonce checks) on state-changing admin actions.
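To make the last check concrete, here is an added illustration (not code from the Feather Login Page plugin or from PluginOps) of what an auditor looks for in a WordPress admin handler: a state-changing action with no nonce or capability check beside the same action protected with WordPress's standard `check_admin_referer()` / `wp_nonce_field()` pair. All `flp_example_*` names and the option key are hypothetical.

```php
<?php
// Added illustration only; not the plugin's own code. All flp_example_* names are hypothetical.

// Audit finding pattern: a settings write reachable via admin-post.php with no
// capability check and no nonce. Any logged-in user's browser can be made to
// submit this request from a third-party page, which is the CSRF class of bug
// described in this advisory.
function flp_example_save_settings_unprotected() {
    update_option( 'flp_example_setting', sanitize_text_field( wp_unslash( $_POST['setting'] ?? '' ) ) );
    wp_safe_redirect( admin_url( 'options-general.php' ) );
    exit;
}

// Hardened form: authorization first, then nonce verification, then a sanitized write.
function flp_example_save_settings_protected() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    // check_admin_referer() terminates the request unless the POST carries a
    // valid nonce that was generated for this action and this user session.
    check_admin_referer( 'flp_example_save_settings', 'flp_example_nonce' );

    update_option( 'flp_example_setting', sanitize_text_field( wp_unslash( $_POST['setting'] ?? '' ) ) );
    wp_safe_redirect( add_query_arg( 'updated', '1', admin_url( 'options-general.php' ) ) );
    exit;
}
// Route admin-post.php?action=flp_example_save to the protected handler.
add_action( 'admin_post_flp_example_save', 'flp_example_save_settings_protected' );

// The legitimate form must emit the matching nonce field; a forged cross-site
// form cannot obtain it, so the protected handler rejects the forged request.
function flp_example_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="flp_example_save">
        <?php wp_nonce_field( 'flp_example_save_settings', 'flp_example_nonce' ); ?>
        <input type="text" name="setting"
               value="<?php echo esc_attr( get_option( 'flp_example_setting', '' ) ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}
```

When reviewing a plugin, grep its admin-side handlers for `update_option`, `wp_update_user` and similar writes and confirm each is preceded by both a capability check and a nonce check, as in the protected function above.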
Disclosure
Exploit status
EPSS: 0.02% (5th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-62107 is to immediately update the Feather Login Page plugin to a version containing the fix. If an upgrade is not feasible due to compatibility issues or breaking changes, consider implementing a Web Application Firewall (WAF) with CSRF protection rules. Additionally, carefully review any recent changes made through the plugin's admin interface for signs of unauthorized activity. After upgrading, verify the fix by attempting to submit a crafted CSRF request and confirming that it is blocked.
No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVE-2025-62107 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the PluginOps Feather Login Page WordPress plugin, allowing attackers to perform unauthorized actions.
You are affected if you are using the Feather Login Page plugin in versions 0 through 1.1.7. Update immediately to mitigate the risk.
The recommended fix is to update the Feather Login Page plugin to a version containing the security patch. Check the PluginOps website for the latest version.
As of December 22, 2025, there is no evidence of active exploitation of CVE-2025-62107, but it is crucial to apply the patch proactively.
Refer to the PluginOps website and WordPress plugin repository for the official advisory and update information regarding CVE-2025-62107.