Platform: wordpress
Component: feather-login-page
Fixed in: 1.1.8
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the PluginOps Feather Login Page WordPress plugin. This flaw allows an attacker to trick authenticated users into performing actions they did not intend to, potentially compromising their accounts or website settings. The vulnerability affects versions from 0 up to and including 1.1.7. A patch is available, requiring users to update to a fixed version.
The CSRF vulnerability in Feather Login Page allows attackers to execute actions on behalf of authenticated users without their knowledge. This could involve changing user passwords, modifying website configurations, or even installing malicious plugins. Successful exploitation hinges on the attacker's ability to craft a malicious request and lure a logged-in victim into visiting a page or clicking a link that submits it, often through phishing or a compromised website. The blast radius is limited to the scope of actions the victim can perform within the WordPress admin interface, but the consequences can be severe if an administrator account is targeted.
As of the publication date (2025-12-22), there is no indication of active exploitation of CVE-2025-62107. No public proof-of-concept (POC) code has been released. The vulnerability is currently listed with a MEDIUM severity rating based on the CVSS score. It is not listed on the CISA KEV catalog.
Exploit Status
EPSS: 0.02% (5th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-62107 is to immediately update the Feather Login Page plugin to a version containing the fix. If an upgrade is not feasible due to compatibility issues or breaking changes, consider implementing a Web Application Firewall (WAF) with CSRF protection rules. Additionally, carefully review any recent changes made through the plugin's admin interface for signs of unauthorized activity. After upgrading, verify the fix by attempting to submit a crafted CSRF request and confirming that it is blocked.
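The root cause class here is a state-changing admin action that does not verify the request was intentionally submitted by the user. The following is an added illustration of the standard WordPress hardening pattern (a per-action nonce plus an explicit capability check), written for developers and reviewers assessing handlers of this kind; it is not code from the Feather Login Page plugin, and every name in it (feather_demo_*, the 'feather_demo_save' action, the 'demo_option' field) is hypothetical.

```php
<?php
// Added illustration, not code from the Feather Login Page plugin.
// Generic admin-post handler: the first version honours any POST that reaches
// it, so a cross-site form auto-submitted by a logged-in admin's browser
// succeeds. The second binds the request to a per-user, per-action nonce and
// checks the caller's capability. All names are hypothetical.

// --- Vulnerable pattern: no nonce, no capability check ---
function feather_demo_save_unsafe() {
    $value = sanitize_text_field( wp_unslash( $_POST['demo_option'] ?? '' ) );
    update_option( 'feather_demo_option', $value );
    wp_safe_redirect( admin_url( 'options-general.php?page=feather-demo' ) );
    exit;
}

// --- Hardened pattern ---
function feather_demo_save_safe() {
    // Stops with a 403 unless the request carries a valid nonce for this action.
    check_admin_referer( 'feather_demo_save', 'feather_demo_nonce' );
    // A nonce proves intent, not authorization: still check the capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'feather-demo' ), 403 );
    }
    $value = sanitize_text_field( wp_unslash( $_POST['demo_option'] ?? '' ) );
    update_option( 'feather_demo_option', $value );
    wp_safe_redirect( admin_url( 'options-general.php?page=feather-demo' ) );
    exit;
}
add_action( 'admin_post_feather_demo_save', 'feather_demo_save_safe' );

// The legitimate form must emit the matching nonce field; a forged form on an
// attacker-controlled site cannot, because the nonce is derived from the
// victim's session and the action name.
function feather_demo_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="feather_demo_save">
        <?php wp_nonce_field( 'feather_demo_save', 'feather_demo_nonce' ); ?>
        <input type="text" name="demo_option"
               value="<?php echo esc_attr( get_option( 'feather_demo_option', '' ) ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}
```

When reviewing a plugin for this class of flaw, look for each `admin_post_*`, `wp_ajax_*` or settings handler that writes state and confirm it calls `check_admin_referer()` or `wp_verify_nonce()` before doing so. A WAF CSRF rule (typically based on Origin or Referer headers) is a stopgap only: it does not add the nonce the handler is missing, so updating to the fixed plugin version remains the real remediation.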
CVE-2025-62107 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the PluginOps Feather Login Page WordPress plugin, allowing attackers to perform unauthorized actions.
You are affected if you are using the Feather Login Page plugin in versions 0 through 1.1.7. Update immediately to mitigate the risk.
The recommended fix is to update the Feather Login Page plugin to a version containing the security patch. Check the PluginOps website for the latest version.
As of December 22, 2025, there is no evidence of active exploitation of CVE-2025-62107, but it is crucial to apply the patch proactively.
Refer to the PluginOps website and WordPress plugin repository for the official advisory and update information regarding CVE-2025-62107.