Platform
wordpress
Component
pardakht-delkhah
Fixed in
3.0.1
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Pardakht Delkhah WordPress plugin, affecting all versions from 0 up to and including 3.0.0. The flaw lets an attacker cause an authenticated user's browser to submit a state-changing request to the plugin that the user never intended to make. The vulnerability was publicly disclosed on December 31, 2025, and is fixed in version 3.0.1.
In WordPress terms, CSRF almost always means a privileged action handler that does not verify a nonce (wp_verify_nonce, check_admin_referer or check_ajax_referer) before acting. Because the browser attaches the victim's authentication cookies to any request aimed at the site, an attacker only needs the victim to load a page they control, or follow a crafted link, while logged in; a hidden auto-submitting form or a single image tag is enough. The handler then runs with the victim's privileges and performs whatever the unprotected action does, such as changing the plugin's settings. Two things bound the blast radius: the victim must hold the capability the action requires (typically an administrator or shop manager), and the attacker cannot read the response, only trigger the action. Note that the forged request originates from the victim's own browser and IP address, so network-level allow-lists and login protections do not see anything unusual.
No public proof-of-concept (PoC) had been released as of the disclosure date, and the vulnerability is not listed on CISA KEV; there are no reports of active exploitation, and the EPSS score below is correspondingly low. That said, once the affected action and its parameters are known, a CSRF PoC is a few lines of HTML, and the exploit requires no authentication on the attacker's side, only a victim with an active session. Treat the absence of a PoC as a timing advantage for patching, not as evidence that exploitation is hard.
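To make the missing-nonce pattern concrete, here is an added example written for this page. It is not code from the Pardakht Delkhah plugin; the handler names, option name, nonce action and the admin-post.php action are hypothetical and only illustrate the difference between a handler that a cross-site form can drive and one that cannot. The WordPress functions used (current_user_can, check_admin_referer, wp_nonce_field, update_option, wp_safe_redirect) are real core APIs.

```php
<?php
// Added example, not code from the Pardakht Delkhah plugin. All names below
// (pd_example_*, the 'pd_example_save' action, the option) are hypothetical.

// --- Vulnerable pattern ---------------------------------------------------
// A capability check alone does not stop CSRF: the victim IS an administrator,
// the browser attaches their session cookie, and nothing proves the request
// came from the plugin's own settings screen rather than an attacker's page.
function pd_example_save_settings_vulnerable() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', 403 );
    }
    $merchant_id = sanitize_text_field( wp_unslash( $_POST['merchant_id'] ?? '' ) );
    update_option( 'pd_example_merchant_id', $merchant_id );
    wp_safe_redirect( admin_url( 'admin.php?page=pd-example&saved=1' ) );
    exit;
}
// A logged-in admin visiting a page containing
//   <form method="post" action="https://victim.example/wp-admin/admin-post.php">
//     <input type="hidden" name="action" value="pd_example_save">
//     <input type="hidden" name="merchant_id" value="ATTACKER-CONTROLLED">
//   </form><script>document.forms[0].submit()</script>
// would have the option rewritten if this handler were registered:
// add_action( 'admin_post_pd_example_save', 'pd_example_save_settings_vulnerable' );

// --- Hardened pattern -----------------------------------------------------
// The settings form embeds a nonce tied to this action and to the current
// user's session. An attacker's page cannot obtain that value, so a forged
// request fails check_admin_referer() and is rejected with a 403.
function pd_example_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="pd_example_save">
        <?php wp_nonce_field( 'pd_example_save', 'pd_example_nonce' ); ?>
        <label>Merchant ID
            <input type="text" name="merchant_id"
                   value="<?php echo esc_attr( get_option( 'pd_example_merchant_id', '' ) ); ?>">
        </label>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

function pd_example_save_settings_hardened() {
    // Authorisation: is this user allowed to change settings at all?
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', 403 );
    }
    // Intent: did the request come from our own form? Verifies the nonce
    // (and, for admin requests, the referer) and dies on failure.
    check_admin_referer( 'pd_example_save', 'pd_example_nonce' );

    $merchant_id = sanitize_text_field( wp_unslash( $_POST['merchant_id'] ?? '' ) );
    update_option( 'pd_example_merchant_id', $merchant_id );
    wp_safe_redirect( admin_url( 'admin.php?page=pd-example&saved=1' ) );
    exit;
}
add_action( 'admin_post_pd_example_save', 'pd_example_save_settings_hardened' );
```

For handlers reached through admin-ajax.php the same split applies, with check_ajax_referer() in place of check_admin_referer(). When auditing a plugin for this class of bug, grep every admin_post_*, wp_ajax_* and admin_init hook that reads $_POST or $_GET and writes anything, and confirm each one calls one of the nonce checks before the write.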
Exploit Status
EPSS
0.01% (0th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-62101 is to upgrade the Pardakht Delkhah plugin to version 3.0.1 or later. If upgrading immediately is not feasible, the useful stop-gaps are the ones that break the CSRF pre-conditions, not generic input filtering: a WAF rule cannot "filter CSRF tokens" (the forged request simply has none), but it can reject state-changing requests to wp-admin/admin-post.php, admin-ajax.php and options.php whose Origin or Sec-Fetch-Site header shows they came from another site. Modern browsers default the WordPress auth cookie to SameSite=Lax, which already blocks cross-site POSTs but not top-level GET navigations, so an action that accepts its parameters via GET remains exposed. Until the update is applied, administrators should avoid browsing untrusted sites from a logged-in session, and a Content Security Policy does not help here because the forged request is made from the attacker's page, not yours. Input validation and sanitisation remain good practice but do not address CSRF, whose whole point is that the input is well-formed and the user is legitimate.
A patch is available. If the site cannot be updated promptly, deactivate the plugin until it can be; the affected actions cannot be reached while it is inactive.
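As an added illustration of the header-based stop-gap described above, the following must-use plugin rejects cross-site POST-style requests to the WordPress endpoints where plugin form and AJAX handlers live. It is an example written for this page, not part of the Pardakht Delkhah plugin or of WordPress; the function names and the choice of which scripts to guard are assumptions, while the Sec-Fetch-Site and Origin semantics it relies on are standard browser behaviour.

```php
<?php
/*
Plugin Name: Cross-site POST guard (temporary CSRF mitigation, added example)
Description: Rejects state-changing admin requests whose browser-set headers show a cross-site origin.
*/
// Added example, not code from the plugin or from WordPress core. Place in
// wp-content/mu-plugins/ only as a stop-gap until the vulnerable plugin is
// updated. Function names and the guarded script list are assumptions.

// Only non-safe methods to the endpoints that dispatch plugin handlers are guarded.
function csg_is_state_changing_admin_request() {
    $method = strtoupper( $_SERVER['REQUEST_METHOD'] ?? 'GET' );
    if ( in_array( $method, array( 'GET', 'HEAD', 'OPTIONS' ), true ) ) {
        return false;
    }
    $script = basename( $_SERVER['SCRIPT_NAME'] ?? '' );
    // admin-post.php: admin_post_* handlers; admin-ajax.php: wp_ajax_* handlers;
    // options.php: Settings API submissions.
    return in_array( $script, array( 'admin-post.php', 'admin-ajax.php', 'options.php' ), true );
}

// Decide whether the browser says this request came from another site.
// Sec-Fetch-Site is a forbidden header: page script cannot set or spoof it.
function csg_request_is_cross_site() {
    $sfs = strtolower( $_SERVER['HTTP_SEC_FETCH_SITE'] ?? '' );
    if ( 'cross-site' === $sfs ) {
        return true;
    }
    if ( in_array( $sfs, array( 'same-origin', 'same-site', 'none' ), true ) ) {
        return false; // 'none' = user-initiated navigation (typed URL, bookmark)
    }
    // Older browsers: fall back to Origin, which browsers send on cross-origin
    // POSTs. An absent header gives no signal, so defer to WordPress's own checks.
    $origin = $_SERVER['HTTP_ORIGIN'] ?? '';
    if ( '' === $origin ) {
        return false;
    }
    // "Origin: null" (sandboxed or opaque origins) parses to no host and is
    // treated as cross-site.
    $site_host   = wp_parse_url( home_url(), PHP_URL_HOST );
    $origin_host = wp_parse_url( $origin, PHP_URL_HOST );
    return ! $origin_host || 0 !== strcasecmp( $origin_host, $site_host );
}

// 'init' runs during bootstrap, before admin-post.php / admin-ajax.php dispatch
// to plugin handlers, and after the current user has been determined.
add_action( 'init', function () {
    if ( ! is_user_logged_in() ) {
        return; // anonymous requests carry no session for CSRF to ride on
    }
    if ( csg_is_state_changing_admin_request() && csg_request_is_cross_site() ) {
        error_log( sprintf(
            'csg: blocked cross-site %s to %s (user %d, origin=%s, sec-fetch-site=%s)',
            $_SERVER['REQUEST_METHOD'] ?? '?',
            $_SERVER['SCRIPT_NAME'] ?? '?',
            get_current_user_id(),
            $_SERVER['HTTP_ORIGIN'] ?? '-',
            $_SERVER['HTTP_SEC_FETCH_SITE'] ?? '-'
        ) );
        wp_die( 'Cross-site request rejected.', 'Forbidden', array( 'response' => 403 ) );
    }
}, 0 );
```

Two caveats apply. The guard does nothing for a vulnerable action that accepts its parameters over GET, which is why it is a stop-gap and not a fix; and it will also block any legitimate integration that POSTs to these endpoints from another origin with a logged-in cookie session, so check the error log for false positives before leaving it in place. The same logic expressed as a WAF rule (deny when Sec-Fetch-Site is cross-site, or Origin host differs from the site host, on POST to those three scripts) is equivalent if you prefer to keep it out of the application.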
CVE-2025-62101 is a Cross-Site Request Forgery (CSRF) vulnerability in the Pardakht Delkhah WordPress plugin that lets an attacker make a logged-in user's browser perform plugin actions the user did not intend.
You are affected if you are running Pardakht Delkhah version 3.0.0 or earlier. Check the installed version under Plugins in the WordPress admin panel and update immediately.
Upgrade the Pardakht Delkhah plugin to version 3.0.1 or later. If that cannot be done right away, block cross-site state-changing requests to the admin endpoints at the WAF or deactivate the plugin until it is updated.
There are currently no confirmed reports of active exploitation and no public PoC, but a CSRF PoC is trivial to write once the affected action is known, so do not rely on that gap lasting.
Refer to the Pardakht Delkhah plugin repository or the WordPress plugin directory for official advisories and updates related to CVE-2025-62101.