Platform: wordpress
Component: easyindex
Fixed in: 1.1.1705
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the EasyIndex WordPress plugin. This flaw allows an attacker to perform unauthorized actions as a logged-in user if that user is tricked into visiting a malicious website. The vulnerability affects versions from 0.0.0 up to and including 1.1.1704. A patch is available to resolve this issue.
The CSRF vulnerability in EasyIndex allows an attacker to craft malicious requests that appear to originate from a legitimate user. If a user is logged into a WordPress site with the EasyIndex plugin installed and visits a website containing a crafted CSRF attack, the attacker could potentially modify settings, create or delete content, or perform other actions as if they were the user. The impact is amplified if the targeted user has administrative privileges, potentially granting the attacker full control over the WordPress site. This could lead to data breaches, website defacement, or even complete compromise of the system.
As of the publication date (2025-12-31), there is no indication of active exploitation of CVE-2025-62117. No public proof-of-concept (PoC) code has been released. The vulnerability is not currently listed on the CISA KEV catalog. The medium CVSS score suggests a moderate risk, and its impact depends on the prevalence of the EasyIndex plugin and the security practices of WordPress site administrators.
Exploit Status
EPSS: 0.02% (5% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-62117 is to upgrade the EasyIndex plugin to a version containing the fix. If upgrading is not immediately feasible due to compatibility concerns or breaking changes, consider implementing a Web Application Firewall (WAF) rule to filter out suspicious cross-site requests, for example state-changing requests that arrive without a valid CSRF token or with an Origin or Referer header that does not match the site. Additionally, educate users about the risks of clicking on untrusted links and entering sensitive information on unfamiliar websites. Verify the upgrade by attempting to perform an action that requires administrative privileges after the update and confirming that it is not possible without proper authentication.
No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVE-2025-62117 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the EasyIndex WordPress plugin, allowing attackers to perform unauthorized actions.
You are affected if your WordPress site uses the EasyIndex plugin in versions 0.0.0 through 1.1.1704. Upgrade immediately.
Upgrade the EasyIndex plugin to a patched version. If immediate upgrade is not possible, implement WAF rules and educate users.
As of the publication date, there is no evidence of active exploitation or public proof-of-concept code.
Refer to the EasyIndex plugin developer's website or WordPress plugin repository for the official advisory and update information.
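To check an installation against the affected range given above (0.0.0 through 1.1.1704, fixed in 1.1.1705), the following added example, which is not code from the EasyIndex project or from this advisory's publisher, reads the WordPress plugin header and compares the version numerically. The plugin folder path and the sample header are assumptions constructed for illustration.

```python
import re
from pathlib import Path

FIXED_IN = (1, 1, 1705)   # "Fixed in" version stated in this advisory
HEADER_BYTES = 8192       # WordPress only reads plugin headers from the first 8 KiB
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):(.*)$", re.I | re.M)

# Constructed sample of a plugin main-file header (not the real EasyIndex file).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: EasyIndex
 * Version: 1.1.1704
 */
"""

def parse_version(text):
    """'1.1.1704' -> (1, 1, 1704); None if the string is not dotted-numeric."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def read_plugin_header(php_source):
    """Extract the Plugin Name and Version fields from a plugin file's header."""
    fields = {}
    for key, value in HEADER_RE.findall(php_source[:HEADER_BYTES]):
        value = re.sub(r"\s*(?:\*/|\?>).*", "", value)  # drop a trailing comment close
        fields.setdefault(key.lower(), value.strip())
    return fields

def is_affected(version_text):
    """True if below the fixed version, False if not, None if unparseable."""
    version = parse_version(version_text)
    # Compare as integer tuples: as strings, "1.1.999" would sort above "1.1.1705".
    return None if version is None else version < FIXED_IN

def audit_plugin_dir(plugin_dir):
    """Report (file, version, affected) for each top-level file with a plugin header."""
    findings = []
    for php in sorted(Path(plugin_dir).glob("*.php")):
        header = read_plugin_header(php.read_text(encoding="utf-8", errors="replace"))
        if "plugin name" in header and "version" in header:
            findings.append((php.name, header["version"], is_affected(header["version"])))
    return findings

if __name__ == "__main__":
    # Assumed install path; adjust to the site's wp-content/plugins/easyindex folder.
    for name, version, affected in audit_plugin_dir("wp-content/plugins/easyindex"):
        print(name, version, "AFFECTED" if affected else "ok" if affected is False else "unknown")
```

A result of "unknown" means the version string is not purely dotted-numeric and should be checked by hand.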