Platform: wordpress
Component: easyindex
Fixed in: 1.1.1705
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the EasyIndex WordPress plugin. This flaw allows an attacker to perform unauthorized actions on a user's account if that user is tricked into visiting a malicious website. The vulnerability affects versions from 0.0.0 up to and including 1.1.1704. A patch is available to resolve this issue.
The CSRF vulnerability in EasyIndex allows an attacker to craft malicious requests that appear to originate from a legitimate user. If a user is logged into a WordPress site with the EasyIndex plugin installed and visits a website that issues such a crafted cross-site request, the attacker could potentially modify settings, create or delete content, or perform other actions as if they were the user. The impact is amplified if the targeted user has administrative privileges, potentially granting the attacker full control over the WordPress site. This could lead to data breaches, website defacement, or even complete compromise of the system.
As of the publication date (2025-12-31), there is no indication of active exploitation of CVE-2025-62117. No public proof-of-concept (PoC) code has been released. The vulnerability is not currently listed on the CISA KEV catalog. The medium CVSS score suggests a moderate risk, and its impact depends on the prevalence of the EasyIndex plugin and the security practices of WordPress site administrators.
WordPress websites utilizing the EasyIndex plugin, particularly those running vulnerable versions (0.0.0–1.1.1704), are at risk. Shared hosting environments where plugin updates are not managed by the user are also particularly vulnerable.
• wordpress / composer / npm: grep -r 'easyindex_settings' /var/www/html/
• wordpress / composer / npm: wp plugin list | grep easyindex
• wordpress / composer / npm: wp plugin update easyindex
Disclosure
Exploit status
EPSS: 0.02% (5th percentile)
CISA SSVC:
CVSS vector:
The primary mitigation for CVE-2025-62117 is to upgrade the EasyIndex plugin to a version containing the fix. If upgrading is not immediately feasible due to compatibility concerns or breaking changes, consider implementing a Web Application Firewall (WAF) rule to filter out suspicious requests containing CSRF tokens. Additionally, educate users about the risks of clicking on untrusted links and entering sensitive information on unfamiliar websites. Verify the upgrade by attempting to perform an action that requires administrative privileges after the update and confirming that it is not possible without proper authentication.
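The following is an added illustration of the CSRF pattern this advisory describes and of the WordPress nonce-based fix; it is not EasyIndex code, and the option name, action hook and form fields (all prefixed `hypo_`) are hypothetical.

```php
<?php
// Added example, not the plugin's own code. All hypo_* names are hypothetical.

// VULNERABLE pattern: a settings handler that accepts any POST to admin-post.php.
// The browser attaches the admin's session cookie automatically, so a form
// auto-submitted from a third-party page is processed as if the admin sent it.
function hypo_save_settings_vulnerable() {
    if ( isset( $_POST['hypo_settings'] ) ) {
        update_option( 'hypo_settings', wp_unslash( $_POST['hypo_settings'] ) );
    }
    wp_safe_redirect( admin_url( 'options-general.php?page=hypo' ) );
    exit;
}

// HARDENED pattern: require a capability AND a nonce bound to this action.
// The nonce is derived from the user's session and the action name, so a
// cross-site page cannot obtain or guess it; the request is rejected without it.
function hypo_save_settings_fixed() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', 403 );
    }
    // Verifies $_REQUEST['_wpnonce'] against the 'hypo_save_settings' action
    // (and the HTTP referer); calls wp_die() on failure.
    check_admin_referer( 'hypo_save_settings', '_wpnonce' );

    $raw   = isset( $_POST['hypo_settings'] ) ? wp_unslash( $_POST['hypo_settings'] ) : array();
    $clean = array(
        'index_title' => sanitize_text_field( $raw['index_title'] ?? '' ),
        'per_page'    => max( 1, absint( $raw['per_page'] ?? 10 ) ),
    );
    update_option( 'hypo_settings', $clean );
    wp_safe_redirect( admin_url( 'options-general.php?page=hypo&updated=1' ) );
    exit;
}
add_action( 'admin_post_hypo_save_settings', 'hypo_save_settings_fixed' );

// The legitimate settings form must emit the matching nonce field.
function hypo_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="hypo_save_settings">
        <?php wp_nonce_field( 'hypo_save_settings', '_wpnonce' ); ?>
        <input type="text" name="hypo_settings[index_title]">
        <input type="number" name="hypo_settings[per_page]" value="10">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}
```

When verifying an upgrade, the useful check is that a state-changing request to the plugin's handler without a valid nonce is rejected, which is what the hardened handler above enforces.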
No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVE-2025-62117 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the EasyIndex WordPress plugin, allowing attackers to perform unauthorized actions.
You are affected if your WordPress site uses the EasyIndex plugin in versions 0.0.0 through 1.1.1704. Upgrade immediately.
Upgrade the EasyIndex plugin to a patched version. If immediate upgrade is not possible, implement WAF rules and educate users.
As of the publication date, there is no evidence of active exploitation or public proof-of-concept code.
Refer to the EasyIndex plugin developer's website or WordPress plugin repository for the official advisory and update information.