Platform
wordpress
Component
quick-interest-slider
Fixed in
3.1.6
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Quick Interest Slider WordPress plugin. The plugin accepts at least one state-changing request without verifying that the logged-in user actually intended to send it (in WordPress that verification is normally a nonce check). An attacker who can get a logged-in user to load an attacker-controlled page can therefore have that user's browser submit the request, carrying the user's session cookie, and perform plugin actions the user never chose. All versions up to and including 3.1.5 are affected; the fix shipped in version 3.1.6.
Successful exploitation lets the attacker perform, with the victim's privileges, whatever the unprotected plugin endpoint exposes: changing plugin settings, adding or deleting slider content, or other administrative operations within the plugin. The preconditions shape the risk: the victim must be logged in to WordPress (in practice an administrator, since that is who configures plugins) and must visit the attacker's page while that session is active; the attacker never sees the victim's cookies or the response, and can only fire requests whose parameters are known in advance. Defacement or broader compromise of the installation would require chaining the plugin's functionality to something further; nothing in this advisory establishes such a chain.
The vulnerability was publicly disclosed on 2025-12-16. No public proof-of-concept code had been identified at the time of writing, and no active campaigns targeting it have been reported. The EPSS score is 0.02% (5th percentile), a low predicted probability of exploitation activity over the next 30 days. That is consistent with the attack shape: CSRF requires luring a logged-in privileged user, which favours targeted over mass exploitation. It is not a reason for complacency, though: a proof of concept for this class of bug is trivial to write once the unprotected request is known, so the absence of a public one offers no protection.
Exploit Status
EPSS
0.02% (5th percentile)
The primary mitigation is to upgrade the Quick Interest Slider plugin to version 3.1.6 or later. Two controls often suggested for web flaws do not help here and should not be relied on as substitutes: a Content Security Policy governs which scripts the victim site itself will execute and has no effect on a form submitted from the attacker's origin, and input validation or output encoding is irrelevant because a forged request carries perfectly well-formed input. If you cannot upgrade immediately, deactivate the plugin until you can; keep the set of users with administrative capabilities small and have them avoid browsing untrusted sites while logged in to wp-admin; and be aware that Chromium-based browsers treat cookies lacking a SameSite attribute as Lax, which blocks cross-site POST submissions but not cross-site top-level GET navigations, so it is only a partial and browser-dependent defence. The actual fix for this class of bug in a WordPress plugin is to verify a nonce (check_admin_referer() or check_ajax_referer()) and a capability (current_user_can()) in every state-changing handler. After upgrading, verify the fix: capture a legitimate settings-save request in Burp Suite, replay it with the nonce parameter removed or altered (or replay it from a different logged-in session), and confirm that WordPress responds with its nonce failure page ("The link you followed has expired.") or an HTTP 403 and that the setting is unchanged.
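As an added illustration, not code from the Quick Interest Slider plugin (whose handlers this page does not show), the following is a generic WordPress admin_post handler in the unprotected form that gives rise to CSRF and in the hardened form with the nonce and capability checks described above. The action name qis_example_save, the option qis_example_message, the nonce field name qis_example_nonce and the manage_options capability are assumptions chosen for the example.

```php
<?php
/**
 * Added example (not from the Quick Interest Slider plugin): a WordPress
 * admin_post settings handler before and after CSRF protection.
 * Action, option, nonce-field and capability names are assumptions.
 */

// BEFORE: any request to admin-post.php?action=qis_example_save that arrives
// with the victim's login cookie updates the option. A logged-in admin who
// loads an attacker page containing an auto-submitting <form> pointed at this
// URL changes the setting without ever seeing it happen.
function qis_example_save_vulnerable() {
    if ( isset( $_POST['qis_example_message'] ) ) {
        // Sanitising the value does nothing against CSRF: the forged value is
        // well-formed, it is just not the user's choice.
        update_option(
            'qis_example_message',
            sanitize_text_field( wp_unslash( $_POST['qis_example_message'] ) )
        );
    }
    wp_safe_redirect( admin_url( 'options-general.php?page=qis-example' ) );
    exit;
}

// AFTER: the request must carry a nonce minted for this action and this user's
// session, and the user must hold the capability. The attacker's page cannot
// read the nonce out of the victim's admin page (same-origin policy), so the
// forged request dies at the first check.
function qis_example_save_hardened() {
    // Calls wp_die() with "The link you followed has expired." when the nonce
    // is missing, stale, or minted for another action or user.
    // For admin-ajax.php handlers use check_ajax_referer() instead.
    check_admin_referer( 'qis_example_save', 'qis_example_nonce' );

    // A valid nonce proves intent, not authorisation: still check capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die(
            esc_html__( 'You are not allowed to change these settings.' ),
            '',
            array( 'response' => 403 )
        );
    }

    if ( isset( $_POST['qis_example_message'] ) ) {
        update_option(
            'qis_example_message',
            sanitize_text_field( wp_unslash( $_POST['qis_example_message'] ) )
        );
    }
    wp_safe_redirect( admin_url( 'options-general.php?page=qis-example' ) );
    exit;
}
add_action( 'admin_post_qis_example_save', 'qis_example_save_hardened' );

// The legitimate settings form must emit the matching nonce field; without it
// the hardened handler rejects the real form as well as the forged one.
function qis_example_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="qis_example_save">
        <?php wp_nonce_field( 'qis_example_save', 'qis_example_nonce' ); ?>
        <input type="text" name="qis_example_message"
               value="<?php echo esc_attr( get_option( 'qis_example_message', '' ) ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}
```

WordPress nonces are tied to the user session and action string and are valid for 12 to 24 hours, which is why the verification step above (replaying the captured request with the nonce removed, altered, or from another session) is a faithful test: a correctly protected handler rejects all three, while the unprotected version accepts them.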
Update to version 3.1.6, or a newer patched version
CVE-2025-64237 is a Cross-Site Request Forgery vulnerability affecting the Quick Interest Slider WordPress plugin, allowing an attacker to make a logged-in user's browser perform plugin actions the user did not intend.
You are affected if you are using Quick Interest Slider versions 0.0.0 through 3.1.5. Upgrade to 3.1.6 or later to mitigate the risk.
Upgrade the Quick Interest Slider plugin to version 3.1.6 or later. CSP and input validation do not stop CSRF; if you cannot upgrade promptly, deactivate the plugin until you can.
No active exploitation campaigns have been confirmed, but the vulnerability is publicly disclosed and could be targeted.
Refer to the plugin developer's website or WordPress plugin repository for the official advisory and update information.