Platform
wordpress
Component
codeflavors-vimeo-video-post-lite
Fixed in
2.3.6
CVE-2025-68584 identifies a Cross-Site Request Forgery (CSRF) vulnerability in the Vimeotheque WordPress plugin (slug codeflavors-vimeo-video-post-lite). An attacker who lures a logged-in user to a malicious page can cause that user's browser to submit a state-changing request to the site, which the plugin accepts because it does not verify that the request originated from its own forms. The vulnerability affects Vimeotheque versions 0.0.0 through 2.3.5.2 and is fixed in version 2.3.6.
Because a forged request runs with the victim's own session, the impact is bounded by the victim's role on the site and by which plugin actions lack the check. Depending on the plugin's functionality, an attacker could modify video or plugin settings or remove video content; actions reserved for administrators are reachable only if an administrator is the one tricked. The blast radius is limited to sites running the Vimeotheque plugin, but the effect on an individual site can be significant if video content or configuration is altered. The flaw is a reminder that every state-changing handler in a WordPress plugin needs nonce verification in addition to capability checks.
CVE-2025-68584 was published on 2025-12-24. No public proof-of-concept (POC) code has been identified as of this date. The vulnerability's severity is rated as MEDIUM (4.3 CVSS). It is not currently listed on the CISA KEV catalog, and there are no reports of active exploitation campaigns.
Websites utilizing the Vimeotheque WordPress plugin, particularly those with user accounts and video content, are at risk. Shared hosting environments where plugin updates are managed centrally are also vulnerable until the plugin is updated across all instances.
Detection (wordpress / composer / npm):
• grep -r 'vimeotheque/vimeotheque.php' /var/www/html/   (adjust the path to your plugin directory; the slug on this page is codeflavors-vimeo-video-post-lite)
• wp plugin list | grep -i vimeo
• wp plugin update --all
Disclosure
Exploit Status
EPSS
0.02% (percentile 6%)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-68584 is to upgrade the Vimeotheque plugin to version 2.3.6 or later. If immediate upgrading is not possible, a Web Application Firewall with CSRF rules (for example, rejecting cross-origin POSTs to admin-post.php and admin-ajax.php whose Origin or Referer header does not match the site) reduces exposure, but it is a stopgap, not a fix. Input validation and sanitization do not address CSRF: the forged request carries perfectly valid input, and the problem is that the server cannot tell it was not sent from its own page. The correct control is WordPress's nonce mechanism (wp_nonce_field() on the form, check_admin_referer() or check_ajax_referer() in the handler), paired with a current_user_can() capability check, because a nonce proves the request came from the site's own UI and a capability check proves the user may perform the action. After upgrading, verify the fix by submitting the plugin's settings or delete actions without the nonce parameter and confirming that WordPress rejects the request ("The link you followed has expired.") instead of applying the change.
Update to version 2.3.6, or a more recent patched version
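The following is an added illustration of the nonce-plus-capability pattern described above. It is not Vimeotheque's code and does not reproduce the actual vulnerable handler; the hook names (vt_save_settings, vt_delete_video), option name and nonce action are hypothetical. It shows a settings-save handler in the unprotected shape that CSRF exploits, then the same handler hardened the way WordPress core expects, plus the equivalent for an admin-ajax.php endpoint.

```php
<?php
/**
 * Added example, not the plugin's own code. All hook, option and nonce
 * names below (vt_*) are hypothetical.
 */

// ---- Vulnerable shape --------------------------------------------------
// Any POST to admin-post.php?action=vt_save_settings_insecure is accepted.
// A form on an attacker's page can auto-submit to this URL; the browser
// attaches the victim's WordPress auth cookie, so the change is applied.
add_action( 'admin_post_vt_save_settings_insecure', function () {
    // Sanitizing the value does nothing against CSRF: the input is valid,
    // it just was not sent by the victim on purpose.
    update_option( 'vt_default_player', sanitize_text_field( wp_unslash( $_POST['player'] ?? '' ) ) );
    wp_safe_redirect( admin_url( 'options-general.php?page=vt-settings&saved=1' ) );
    exit;
} );

// ---- Hardened shape ----------------------------------------------------

// 1. The form carries a nonce bound to the action name and to the current
//    user's session. A cross-site page cannot read or forge it.
function vt_render_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="vt_save_settings">
        <?php wp_nonce_field( 'vt_save_settings', '_vt_nonce' ); ?>
        <label>Default player
            <input type="text" name="player"
                   value="<?php echo esc_attr( get_option( 'vt_default_player', '' ) ); ?>">
        </label>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// 2. The handler verifies the nonce first (origin of the request), then the
//    capability (authorization), then sanitizes the data.
add_action( 'admin_post_vt_save_settings', function () {
    // check_admin_referer() wraps wp_verify_nonce() and calls wp_die() with
    // "The link you followed has expired." when the nonce is absent or wrong.
    check_admin_referer( 'vt_save_settings', '_vt_nonce' );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to change these settings.', 'vt-example' ), '', array( 'response' => 403 ) );
    }

    update_option( 'vt_default_player', sanitize_text_field( wp_unslash( $_POST['player'] ?? '' ) ) );
    wp_safe_redirect( admin_url( 'options-general.php?page=vt-settings&saved=1' ) );
    exit;
} );

// 3. Same pattern for an AJAX action such as deleting a video post. The
//    nonce is created server-side with wp_create_nonce( 'vt_delete_video' )
//    and handed to the page's script (e.g. via wp_localize_script()).
add_action( 'wp_ajax_vt_delete_video', function () {
    // Third argument true (default) makes it die on failure with HTTP 403.
    check_ajax_referer( 'vt_delete_video', 'nonce' );

    $post_id = absint( $_POST['post_id'] ?? 0 );
    if ( ! $post_id || ! current_user_can( 'delete_post', $post_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    wp_delete_post( $post_id, true );
    wp_send_json_success( array( 'deleted' => $post_id ) );
} );
```

The order matters: the nonce check rejects forged cross-site requests before any other logic runs, and the capability check remains necessary because a nonce only proves the request came from the site's own page, not that the user is allowed to perform the action. The post-upgrade verification in the text maps directly onto this code: replay the settings POST without `_vt_nonce` and the expected result is the "link you followed has expired" page with the option unchanged.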
CVE-2025-68584 is a Cross-Site Request Forgery (CSRF) vulnerability in the Vimeotheque WordPress plugin: an attacker can make a logged-in user's browser perform plugin actions the user did not intend by luring that user to a malicious page.
You are affected if you are running Vimeotheque versions 0.0.0 through 2.3.5.2. Upgrade to 2.3.6 to resolve the issue.
Upgrade the Vimeotheque plugin to version 2.3.6. As a temporary measure, a WAF with CSRF rules can reduce exposure; note that input validation alone does not prevent CSRF, since the forged request contains valid input.
There are currently no reports of active exploitation campaigns for CVE-2025-68584, but it's crucial to apply the fix promptly.
Refer to the plugin developer's website or the WordPress plugin repository for the official advisory and update information.