Platform
wordpress
Component
dofollow-case-by-case
Fixed in
3.5.2
CVE-2025-62102 identifies a Cross-Site Request Forgery (CSRF) vulnerability within the DoFollow Case by Case WordPress plugin. This flaw allows an attacker to potentially execute unauthorized actions on a user's account without their knowledge or consent. The vulnerability impacts versions from 0.0.0 through 3.5.1, but a fix is available in version 3.6.0.
In a CSRF attack the attacker lures a user who is logged in to the WordPress site (typically an administrator) onto a page the attacker controls; that page silently submits a request to the vulnerable plugin endpoint, and the browser attaches the victim's session cookies, so the plugin treats the request as the user's own. The attacker cannot read the responses, but can change whatever state the affected handler changes, such as plugin settings, as if they were the legitimate user. The impact is amplified when the victim has administrative privileges, since any action the handler allows is then performed with full site rights. Although the CVSS score is medium, CSRF needs no credentials and only a single click or page visit from the victim, which makes the flaw worth treating promptly.
CVE-2025-62102 was publicly disclosed on December 9, 2025. There are currently no known public proof-of-concept exploits, and the vulnerability is not listed in the CISA KEV catalog at the time of writing. Note that CVSS measures severity, not likelihood: the EPSS score of 0.02% (5th percentile) places the estimated probability of exploitation in the wild at the low end of the distribution, although that can change quickly once a proof of concept circulates, particularly for a widely installed plugin whose affected versions remain deployed.
Websites running the DoFollow Case by Case plugin at an affected version (0.0.0 through 3.5.1) are at risk. Sites where plugin updates are not applied promptly, for example shared hosting environments where updates are managed centrally by the provider, may stay on an affected version for some time after the fix is released.
Detection and remediation (WordPress):
• Locate the plugin on disk: grep -r "dofollow-case-by-case" /var/www/html/
• Check the installed version with WP-CLI: wp plugin list | grep dofollow-case-by-case
• Update with WP-CLI: wp plugin update dofollow-case-by-case
Exploit status
EPSS
0.02% (5th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-62102 is to upgrade the DoFollow Case by Case plugin to version 3.6.0 or later without delay. If the upgrade cannot be applied immediately because of compatibility testing, reduce exposure in the meantime: a Web Application Firewall can reject state-changing requests to the plugin's admin endpoints whose Origin or Referer header is not the site itself, and administrators should avoid browsing untrusted sites while logged in to wp-admin. Note that a Content Security Policy on the WordPress site does not prevent CSRF, because the forged request is issued from the attacker's page, not from the protected site; session cookies marked SameSite=Lax or Strict do help, since the browser then omits them from cross-site POST requests. After upgrading, confirm the fix rather than assuming it: check that the plugin's state-changing handlers now verify a WordPress nonce (check_admin_referer() or wp_verify_nonce()) together with a capability check, and submit the plugin's settings form once with the nonce field removed to confirm the request is rejected.
Update to version 3.6.0, or a more recent patched version
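To make the mechanism concrete, here is an added example (not code from the DoFollow Case by Case plugin, and not a reconstruction of its actual handler) of the CSRF-prone shape of a WordPress admin-post handler next to its hardened form. The option name dfcbc_example_option, the action name dfcbc_save, the nonce action dfcbc_save_action and all function names are hypothetical; the code assumes it runs inside WordPress, where admin-post.php and the nonce and capability APIs are available.

```php
<?php
/*
 * Added example, not the plugin's own code. All identifiers below
 * (dfcbc_*) are hypothetical. Assumes WordPress is loaded, so
 * update_option(), check_admin_referer(), wp_nonce_field() etc. exist.
 */

/*
 * VULNERABLE shape. Any POST to admin-post.php?action=dfcbc_save that
 * arrives with an administrator's session cookie is honoured, including
 * one auto-submitted by a form on an attacker's page. Nothing here proves
 * the user intended the request.
 *
 * A constructed attacker page that would trigger it (HTML, shown as a
 * comment):
 *
 *   <form id="f" method="post" action="https://victim.example/wp-admin/admin-post.php">
 *     <input type="hidden" name="action" value="dfcbc_save">
 *     <input type="hidden" name="dfcbc_value" value="attacker-controlled">
 *   </form>
 *   <script>document.getElementById('f').submit();</script>
 */
function dfcbc_save_vulnerable() {
    $value = isset( $_POST['dfcbc_value'] ) ? $_POST['dfcbc_value'] : '';
    update_option( 'dfcbc_example_option', $value );
    wp_safe_redirect( admin_url( 'options-general.php?page=dfcbc' ) );
    exit;
}

/*
 * HARDENED shape. Two independent checks:
 *  - current_user_can() ensures the caller is allowed to change settings;
 *  - check_admin_referer() ensures the request carries a nonce that
 *    WordPress generated for this user and this action. A cross-site form
 *    cannot know the nonce, so it fails with "The link you followed has
 *    expired." (HTTP 403) before any state changes.
 */
function dfcbc_save_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', 403 );
    }
    check_admin_referer( 'dfcbc_save_action', 'dfcbc_nonce' );

    $value = sanitize_text_field( wp_unslash( $_POST['dfcbc_value'] ?? '' ) );
    update_option( 'dfcbc_example_option', $value );
    wp_safe_redirect( admin_url( 'options-general.php?page=dfcbc' ) );
    exit;
}
add_action( 'admin_post_dfcbc_save', 'dfcbc_save_hardened' );

/*
 * The legitimate settings form. wp_nonce_field() emits the hidden
 * dfcbc_nonce input (and a _wp_http_referer field) that
 * check_admin_referer() verifies on submit.
 */
function dfcbc_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="dfcbc_save">
        <?php wp_nonce_field( 'dfcbc_save_action', 'dfcbc_nonce' ); ?>
        <input type="text" name="dfcbc_value"
               value="<?php echo esc_attr( get_option( 'dfcbc_example_option', '' ) ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}
```

The nonce is the part that defeats CSRF: it is bound to the logged-in user and the action name, and the attacker's page has no way to read it. The capability check is still needed on its own, because a nonce only proves intent, not authorization. When reviewing the patched plugin, the thing to look for is exactly this pairing in every handler that writes options or other site state.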
CVE-2025-62102 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the DoFollow Case by Case WordPress plugin, allowing attackers to perform unauthorized actions.
You are affected if you are using DoFollow Case by Case plugin versions 0.0.0 through 3.5.1. Upgrade to 3.6.0 or later to mitigate the risk.
Upgrade the DoFollow Case by Case plugin to version 3.6.0 or later. Consider WAF rules and user education as additional safeguards.
There are currently no confirmed reports of active exploitation, but the vulnerability is publicly known and could be targeted.
Refer to the plugin developer's website or the WordPress plugin repository for the official advisory and update information.