Platform: wordpress
Component: doubledome-resource-link-library
Fixed in: 1.5.1
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Resource Library for Logged In Users plugin for WordPress. This flaw allows unauthenticated attackers to potentially perform unauthorized actions on a WordPress site if they can trick an administrator into clicking a malicious link. The vulnerability affects versions 1.0.0 through 1.5, but has been resolved in version 1.6.
The CSRF vulnerability allows an attacker to execute actions as the currently logged-in administrator. This includes the creation, modification, and deletion of resources and categories within the Resource Library. Successful exploitation could lead to unauthorized content being added to the site, sensitive data being altered, or critical resources being removed, potentially disrupting site functionality or compromising data integrity. The impact is amplified if the administrator has broad permissions within the WordPress installation.
This vulnerability is publicly known and documented. While no active exploitation campaigns have been definitively linked to CVE-2025-14354 at the time of writing, the availability of CSRF exploitation techniques makes it a potential target. The vulnerability was disclosed on 2025-12-12. No KEV listing is currently available.
Exploit Status
EPSS: 0.02% (5% percentile)
The primary mitigation is to upgrade the Resource Library for Logged In Users plugin to version 1.6 or later. If immediate upgrading is not possible due to compatibility issues or testing requirements, consider implementing a Web Application Firewall (WAF) with CSRF protection rules to filter out malicious requests. Additionally, educate administrators to be cautious of suspicious links and avoid clicking them while logged into WordPress. Regularly review WordPress user permissions to minimize the potential impact of a successful attack.
Update to version 1.6, or a newer patched version
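The WAF mitigation above comes down to refusing state-changing admin requests that arrive from another site. The following Python script is an added example, not code from the advisory or the plugin, that applies the same test to web server access logs. It assumes Combined Log Format, a site hostname of site.example, and that the requests of interest are POSTs under /wp-admin/; the advisory does not name the plugin's endpoints, so the paths and log lines here are constructed.

```python
import re
from urllib.parse import urlsplit

# Combined Log Format: ip ident user [time] "METHOD path proto" status size "referer" "agent"
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)"'
)

def referer_class(referer, site_host):
    """Classify a Referer value as 'same-site', 'cross-site' or 'missing'."""
    if referer in ("", "-"):
        return "missing"  # stripped by privacy settings or proxies; not evidence either way
    # Compare the exact hostname so a lookalike such as site.example.other.example fails.
    host = urlsplit(referer).hostname
    return "same-site" if host == site_host.lower() else "cross-site"

def cross_site_admin_writes(lines, site_host, methods=("POST",)):
    """Return parsed log entries for /wp-admin/ requests sent from another site."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] not in methods:
            continue
        if not m["path"].startswith("/wp-admin/"):
            continue
        if referer_class(m["referer"], site_host) == "cross-site":
            hits.append(m.groupdict())
    return hits

# Constructed sample lines (documentation IPs and hostnames, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Dec/2025:10:00:01 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 0 "https://site.example/wp-admin/admin.php?page=resources" "Mozilla/5.0"',
    '192.0.2.10 - - [15/Dec/2025:10:04:37 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 0 "https://other.example/news.html" "Mozilla/5.0"',
    '192.0.2.10 - - [15/Dec/2025:10:05:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 17 "https://site.example.other.example/" "Mozilla/5.0"',
    '192.0.2.10 - - [15/Dec/2025:10:06:11 +0000] "GET /wp-admin/index.php HTTP/1.1" 200 5120 "https://other.example/news.html" "Mozilla/5.0"',
    '192.0.2.10 - - [15/Dec/2025:10:07:45 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 17 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [15/Dec/2025:10:08:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3100 "https://other.example/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in cross_site_admin_writes(SAMPLE_LOG, "site.example"):
        print(hit["time"], hit["ip"], hit["path"], "<-", hit["referer"])
```

Each hit is a lead to compare against what the administrator actually did at that time; requests with a missing Referer are left out because browsers and proxies can strip the header on legitimate traffic.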
CVE-2025-14354 is a Cross-Site Request Forgery (CSRF) vulnerability affecting versions 1.0.0–1.5 of the Resource Library for Logged In Users WordPress plugin, allowing unauthorized actions.
If you are running versions 1.0.0 through 1.5 of the Resource Library for Logged In Users plugin for WordPress, you are potentially affected by this vulnerability.
Upgrade the Resource Library for Logged In Users plugin to version 1.6 or later to resolve the CSRF vulnerability. Consider a WAF as a temporary mitigation.
While no confirmed active exploitation campaigns are currently known, the vulnerability's nature makes it a potential target.
Refer to the plugin developer's website or the WordPress plugin repository for the latest advisory and update information.