Platform: wordpress
Component: simple-keyword-to-link
Fixed in: 1.5.1
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Simple Keyword to Link plugin. This flaw allows attackers to potentially execute unauthorized actions on a user's account without their knowledge. The vulnerability affects versions from 0.0.0 up to and including 1.5. A fix is available in a later version.
The CSRF vulnerability in Simple Keyword to Link allows an attacker to craft malicious requests that appear to originate from a legitimate user. Successful exploitation could lead to unintended changes to keyword links, potentially impacting website functionality or SEO performance. An attacker could, for example, modify existing links or create new ones without the user's consent. The blast radius is limited to the scope of actions a user can perform within the plugin, but could still cause disruption or data manipulation.
As of the publication date (2025-12-24), there is no indication of active exploitation or a public proof-of-concept. The vulnerability is not currently listed on the CISA KEV catalog. The medium CVSS score suggests a moderate level of potential risk, warranting prompt attention and remediation.
EPSS: 0.02% (6% percentile)
The primary mitigation for CVE-2025-68573 is to upgrade to a patched version of the Simple Keyword to Link plugin. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) with CSRF protection rules. Additionally, ensure that users are educated about the risks of clicking on suspicious links. There are no specific configuration workarounds beyond standard CSRF prevention best practices. After upgrade, confirm by reviewing the plugin's settings and verifying that no unauthorized changes have been made.
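To check whether a given site is still in the affected range, the following added example (not part of the advisory or the plugin's code) reads the plugin's header the way WordPress does and compares the installed version with the fixed release, 1.5.1. It assumes the default `wp-content/plugins/<slug>` layout; the sample header in it is constructed.

```python
import re
import sys
from pathlib import Path

PLUGIN_SLUG = "simple-keyword-to-link"  # component named in the advisory
FIXED_VERSION = "1.5.1"                 # "Fixed in" value from the advisory

# Mirrors how WordPress reads plugin headers: optional comment prefix, key, colon.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):(.*)$", re.M | re.I)

# Constructed sample header, for illustration only (not the plugin's real file).
SAMPLE_HEADER = "<?php\n/*\n * Plugin Name: Simple Keyword to Link\n * Version: 1.5\n */\n"

def parse_plugin_header(php_source):
    """Return {'plugin name': ..., 'version': ...} from the first 8 KB of a PHP file."""
    fields = {}
    for key, value in HEADER_RE.findall(php_source[:8192]):
        fields.setdefault(key.lower(), value.strip())
    return fields

def version_tuple(version):
    """Turn '1.5.1' into (1, 5, 1) so versions compare numerically."""
    return tuple(int(part) for part in re.findall(r"\d+", version))

def is_vulnerable(version):
    """True when version is below FIXED_VERSION (the advisory covers 0.0.0 through 1.5)."""
    return version_tuple(version) < version_tuple(FIXED_VERSION)

def audit(wp_root):
    """Return (status, version) for the plugin under wp_root/wp-content/plugins (assumed layout)."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / PLUGIN_SLUG
    if not plugin_dir.is_dir():
        return ("not-installed", None)
    for php_file in sorted(plugin_dir.glob("*.php")):
        fields = parse_plugin_header(php_file.read_text(errors="replace"))
        # The main plugin file is the one carrying a "Plugin Name" header.
        if fields.get("plugin name") and fields.get("version"):
            version = fields["version"]
            return ("vulnerable" if is_vulnerable(version) else "patched", version)
    return ("unknown", None)

if __name__ == "__main__":
    status, version = audit(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"{PLUGIN_SLUG}: {status} (installed version: {version})")
    sys.exit(1 if status == "vulnerable" else 0)
```

Run it with the WordPress root as the only argument; the exit code is 1 when the installed version is below 1.5.1, so it can gate a deployment or a scheduled check.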
CVE-2025-68573 is a Cross-Site Request Forgery (CSRF) vulnerability affecting versions 0.0.0–1.5 of the Simple Keyword to Link WordPress plugin, allowing attackers to perform unauthorized actions.
You are affected if your WordPress site uses the Simple Keyword to Link plugin and is running version 0.0.0 through 1.5. Upgrade immediately.
Upgrade the Simple Keyword to Link plugin to a version containing the fix. If immediate upgrade is not possible, implement a WAF with CSRF protection.
As of the publication date, there is no evidence of active exploitation or public proof-of-concept for CVE-2025-68573.
Check the Simple Keyword to Link plugin's official website or WordPress plugin repository for updates and security advisories related to CVE-2025-68573.