Platform
wordpress
Component
simple-keyword-to-link
Fixed in
1.5.1
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Simple Keyword to Link plugin. This flaw allows attackers to potentially execute unauthorized actions on a user's account without their knowledge. The vulnerability affects versions from 0.0.0 up to and including 1.5. A fix is available in a later version.
The CSRF vulnerability in Simple Keyword to Link allows an attacker to craft malicious requests that appear to originate from a legitimate user. Successful exploitation could lead to unintended changes to keyword links, potentially impacting website functionality or SEO performance. An attacker could, for example, modify existing links or create new ones without the user's consent. The blast radius is limited to the scope of actions a user can perform within the plugin, but could still cause disruption or data manipulation.
As of the publication date (2025-12-24), there is no indication of active exploitation or a public proof-of-concept. The vulnerability is not currently listed on the CISA KEV catalog. The medium CVSS score suggests a moderate level of potential risk, warranting prompt attention and remediation.
Websites using the Simple Keyword to Link plugin, particularly those with user accounts that have administrative privileges or access to sensitive keyword link configurations, are at risk. Shared hosting environments where multiple websites share the same server resources could also be affected if one site is vulnerable and an attacker can leverage that to target other sites.
• wordpress / composer / npm:
grep -r "simple-keyword-to-link/simple-keyword-to-link.php" plugins/
• generic web:
curl -I https://your-wordpress-site.com/wp-content/plugins/simple-keyword-to-link/simple-keyword-to-link.php | grep -i 'simple keyword to link'
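A local version check to go with the detection commands above, as an added example that is not part of the original advisory: it reads the `Version:` header from the plugin's main file and compares it with the fixed release 1.5.1. The function names and the WordPress root argument are assumptions of this example; the plugin path is the one used in the commands above.

```shell
#!/bin/sh
# Added example (not from the advisory). Assumes the plugin's main file carries
# the standard WordPress "Version:" header; function names are illustrative.

FIXED="1.5.1"   # "Fixed in" value stated by this advisory
PLUGIN_FILE="wp-content/plugins/simple-keyword-to-link/simple-keyword-to-link.php"

# plugin_version FILE: print the value of the Version: header, if any.
plugin_version() {
    # WordPress only reads plugin headers from the first 8 KB of the file.
    head -c 8192 "$1" 2>/dev/null |
        sed -n 's|^[[:space:]/*#@]*Version:[[:space:]]*\([0-9][0-9A-Za-z.-]*\).*|\1|p' |
        head -n 1
}

# version_lt A B: succeed when dotted numeric version A is lower than B.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if ((x[i] + 0) < (y[i] + 0)) exit 0   # missing parts count as 0
            if ((x[i] + 0) > (y[i] + 0)) exit 1
        }
        exit 1                                    # equal is not lower
    }'
}

# check_plugin WP_ROOT: print "affected V", "fixed V", "unknown" or "not-installed".
check_plugin() {
    file="$1/$PLUGIN_FILE"
    [ -f "$file" ] || { echo "not-installed"; return 0; }
    v=$(plugin_version "$file")
    [ -n "$v" ] || { echo "unknown"; return 0; }
    if version_lt "$v" "$FIXED"; then
        echo "affected $v"
    else
        echo "fixed $v"
    fi
}

# Usage: sh check.sh /var/www/html   (the WordPress root path is an assumption)
if [ "$#" -gt 0 ]; then
    check_plugin "$1"
fi
```

A result of `unknown` means the file exists but no `Version:` header could be parsed, so that copy should be inspected by hand.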
Exploit status
EPSS
0.02% (6% percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-68573 is to upgrade to a patched version of the Simple Keyword to Link plugin. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) with CSRF protection rules. Additionally, ensure that users are educated about the risks of clicking on suspicious links. There are no specific configuration workarounds beyond standard CSRF prevention best practices. After upgrade, confirm by reviewing the plugin's settings and verifying that no unauthorized changes have been made.
No known patch available. Please review the details of the vulnerability thoroughly and implement protective measures based on your organization's risk tolerance. It may be best to uninstall the affected software and find an alternative.
CVE-2025-68573 is a Cross-Site Request Forgery (CSRF) vulnerability affecting versions 0.0.0–1.5 of the Simple Keyword to Link WordPress plugin, allowing attackers to perform unauthorized actions.
You are affected if your WordPress site uses the Simple Keyword to Link plugin and is running version 0.0.0 through 1.5. Upgrade immediately.
Upgrade the Simple Keyword to Link plugin to a version containing the fix. If immediate upgrade is not possible, implement a WAF with CSRF protection.
As of the publication date, there is no evidence of active exploitation or public proof-of-concept for CVE-2025-68573.
Check the Simple Keyword to Link plugin's official website or WordPress plugin repository for updates and security advisories related to CVE-2025-68573.