Platform: wordpress
Component: formfacade
Fixed in: 1.4.2
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the FormFacade WordPress plugin. The flaw can let an attacker perform unauthorized actions on behalf of a logged-in user who visits a malicious website. The vulnerability affects versions from 0.0.0 through 1.4.1. A patch is expected to be released by the vendor.
The CSRF vulnerability in FormFacade allows an attacker to trick a logged-in user into unknowingly submitting a malicious request. This could involve creating, modifying, or deleting form data, potentially leading to data breaches or unauthorized changes to the website's functionality. The impact is amplified if the plugin handles sensitive user information or is integrated with other critical systems. Successful exploitation could compromise user accounts and website integrity.
The vulnerability was publicly disclosed on 2025-12-31. There are currently no known public proof-of-concept exploits available. The EPSS score is pending evaluation. Monitor security advisories and vulnerability databases for updates on exploitation activity.
EPSS: 0.02% (5% percentile)
The primary mitigation for this vulnerability is to upgrade to a patched version of the FormFacade plugin as soon as it becomes available. Until a patch is released, consider implementing temporary workarounds such as adding CSRF tokens to all form submissions. Web Application Firewalls (WAFs) can also be configured to detect and block malicious CSRF requests. Regularly review and audit form handling logic to identify and address potential vulnerabilities.
No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
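As an added example (not FormFacade's code and not the vendor's patch), this is how a WordPress plugin handler usually applies the CSRF-token mitigation mentioned above, using WordPress nonces. The `example_*` function, action, field and option names are hypothetical.

```php
<?php
// Added illustration: hypothetical plugin code. Every "example_*" name is an assumption.

// Settings form: wp_nonce_field() emits a hidden token tied to this action and the user's session.
function example_render_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_save_settings">
        <?php wp_nonce_field( 'example_save_settings', 'example_nonce' ); ?>
        <input type="text" name="example_form_id"
               value="<?php echo esc_attr( get_option( 'example_form_id', '' ) ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// WEAK (shown for contrast, deliberately not registered): the request is authorised
// by the session cookie alone, so a form auto-submitted from another site is accepted.
function example_save_settings_weak() {
    $value = sanitize_text_field( wp_unslash( $_POST['example_form_id'] ?? '' ) );
    update_option( 'example_form_id', $value );
    wp_safe_redirect( admin_url( 'options-general.php' ) );
    exit;
}

// HARDENED: capability check plus nonce check before any state change.
function example_save_settings() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Stops with an error page if the nonce field is missing, expired or issued to another user.
    check_admin_referer( 'example_save_settings', 'example_nonce' );

    $value = sanitize_text_field( wp_unslash( $_POST['example_form_id'] ?? '' ) );
    update_option( 'example_form_id', $value );
    wp_safe_redirect( admin_url( 'options-general.php' ) );
    exit;
}

// admin-post.php dispatches POSTs carrying action=example_save_settings to this hook
// for logged-in users only.
add_action( 'admin_post_example_save_settings', 'example_save_settings' );
```

When auditing form handling logic, the pattern to look for is any state-changing handler that has neither a `check_admin_referer()`/`wp_verify_nonce()` call nor a capability check before it writes data.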
CVE-2025-62133 describes a Cross-Site Request Forgery (CSRF) vulnerability in the FormFacade WordPress plugin, allowing attackers to perform unauthorized actions.
If you are using FormFacade version 0.0.0 through 1.4.1, you are potentially affected by this vulnerability. Check your plugin version immediately.
Upgrade to the latest version of the FormFacade plugin as soon as a patch is released. Until then, consider implementing CSRF token protection.
As of now, there are no confirmed reports of active exploitation, but it's crucial to apply the fix promptly to prevent potential attacks.
Check the FormFacade plugin's official website or WordPress plugin repository for updates and security advisories related to CVE-2025-62133.