WordPress DoFollow Case by Case Plugin <= 3.5.1 - Cross-Site Request Forgery (CSRF) Vulnerability
Platform
wordpress
Component
dofollow-case-by-case
Fixed in
3.5.2
CVE-2025-62102 identifies a Cross-Site Request Forgery (CSRF) vulnerability in the DoFollow Case by Case WordPress plugin. An attacker who lures a logged-in user onto a page they control can make that user's browser send a state-changing request to the plugin, which then processes it as if the user had intended it, without the user's knowledge or consent. All releases up to and including 3.5.1 are affected; the fix is in version 3.5.2, the release listed above as fixed.
Impact and attack scenarios
A successful CSRF attack lets the attacker perform whatever action the forged request triggers, with the victim's privileges, typically a change to the plugin's settings. Because the request is issued by the victim's own browser, carrying the victim's session cookies, the attacker needs no credentials; the only requirement is that the victim visit an attacker-controlled page (or follow a crafted link) while logged in. Impact scales with the victim's role: a site administrator is the realistic target, since plugin settings are normally administrator-only. The CVSS vector below rates integrity impact Low with no confidentiality or availability impact (base score 4.3, Medium): through this bug alone an attacker can alter limited data but cannot read it or take the site down.
Exploitation context
CVE-2025-62102 was publicly disclosed on December 9, 2025. No public proof-of-concept exploit is known, and the vulnerability is not listed in the CISA KEV catalog at the time of writing. A CVSS score measures severity, not likelihood: the EPSS estimate for this CVE is 0.02% (5th percentile), a low predicted probability of exploitation within the next 30 days. That said, CSRF bugs in WordPress plugins are cheap to weaponise once the vulnerable request is known, so installations still running 3.5.1 or earlier should not defer the update.
Who is at risk
Any WordPress site with DoFollow Case by Case 3.5.1 or earlier installed and active (the plugin has roughly 1K active installations). Sites where plugin updates are delayed, for example shared or managed hosting that rolls updates out on its own schedule, or sites with automatic plugin updates disabled, stay exposed for longer after a fix ships. The attack also needs a victim: a user, realistically an administrator, who is logged into the site and can be made to visit an attacker-controlled page.
Detection steps
- Filesystem check for the plugin (adjust the web root to your install):
  grep -r "dofollow-case-by-case" /var/www/html/
- WP-CLI check of the installed version (the version column must be 3.5.2 or later):
  wp plugin list | grep dofollow-case-by-case
- WP-CLI update to the fixed release:
  wp plugin update dofollow-case-by-case
Attack timeline
- Disclosure: December 9, 2025
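A scripted version of the detection steps above, added here as an example and not part of this advisory or of the plugin: it reads the Version: header from the plugin's main PHP file (the same comment header WordPress itself parses), compares it with the fixed release using sort -V, and reports VULNERABLE, OK or NOT_INSTALLED, which a plain grep for the slug cannot tell you. The fixed version 3.5.2 (taken from the header above), the default wp-content/plugins path and the constructed plugin header used in the demo are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not the advisory's or the plugin's own code): check whether an
# installed DoFollow Case by Case plugin is at or past the fixed release.
# Assumptions: fixed version 3.5.2 (from the advisory header), the default
# WordPress plugin path, and `sort -V` for version ordering.

FIXED_VERSION="3.5.2"
PLUGIN_SLUG="dofollow-case-by-case"

# Print the "Version:" header value from a plugin's main PHP file. WordPress reads
# it from a leading comment block, so both "Version: x" and " * Version: x" occur.
plugin_version() {
  grep -i '^[[:space:]]*\**[[:space:]]*Version:' "$1" | head -n1 \
    | sed -E 's/^.*[Vv]ersion:[[:space:]]*//; s/[[:space:]].*$//'
}

# Exit 0 if version $1 sorts strictly before $2 (3.5.1 < 3.5.2, but 3.10.0 > 3.5.2).
version_lt() {
  [ "$1" != "$2" ] && [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# Inspect one plugin directory. Prints a verdict and returns
# 0 = fixed version, 1 = vulnerable, 2 = not installed or version unknown.
check_plugin_dir() {
  local dir="$1" main ver
  # The main file is whichever PHP file carries the "Plugin Name:" header.
  main=$(grep -lis '^[[:space:]]*\**[[:space:]]*Plugin Name:' "$dir"/*.php 2>/dev/null | head -n1)
  if [ -z "$main" ]; then echo "NOT_INSTALLED $dir"; return 2; fi
  ver=$(plugin_version "$main")
  if [ -z "$ver" ]; then echo "UNKNOWN $dir"; return 2; fi
  if version_lt "$ver" "$FIXED_VERSION"; then
    echo "VULNERABLE $ver"; return 1
  fi
  echo "OK $ver"; return 0
}

# Check a whole WordPress install; $1 is the directory containing wp-content.
check_site() {
  check_plugin_dir "$1/wp-content/plugins/$PLUGIN_SLUG"
}

# Offline demo against a constructed plugin header (not the real plugin's files).
demo() {
  local root; root=$(mktemp -d)
  mkdir -p "$root/wp-content/plugins/$PLUGIN_SLUG"
  printf '<?php\n/*\nPlugin Name: DoFollow Case by Case\nVersion: 3.5.1\n*/\n' \
    > "$root/wp-content/plugins/$PLUGIN_SLUG/$PLUGIN_SLUG.php"
  check_site "$root" || true   # prints: VULNERABLE 3.5.1
  rm -rf "$root"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run it against a live install with `check_site /var/www/html` (or whatever your web root is); the exit code makes it usable from a cron job or a fleet-wide SSH loop, and `sort -V` is what keeps a future 3.10.x from being misread as older than 3.5.2.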
Threat intelligence
- Exploit status: no public proof-of-concept known; not in the CISA KEV catalog
- EPSS: 0.02% (5th percentile)
CVSS vector
- Attack Vector: Network. Exploitable remotely over the internet; no physical or local access required.
- Attack Complexity: Low. No special conditions; reliably exploitable.
- Privileges Required: None. The attacker needs no account; the victim's browser supplies the session.
- User Interaction: Required. The victim must open a file, click a link or visit a page.
- Scope: Unchanged. Impact confined to the vulnerable component.
- Confidentiality: None. No confidentiality impact.
- Integrity: Low. The attacker can modify some data within a limited scope.
- Availability: None. No availability impact.
Affected software
Package information
- Active installations: 1K (niche)
- Plugin rating: 4.0
- Requires WordPress: 4.0+
- Compatible up to: 6.9.4
Weakness classification (CWE)
- CWE-352: Cross-Site Request Forgery (CSRF)
Mitigation and workarounds
The fix for CVE-2025-62102 is to update DoFollow Case by Case to 3.5.2 or later. If the update cannot be applied immediately because of compatibility testing, be clear about what the interim measures do and do not buy you:
- A WAF cannot reliably recognise a forged request: it arrives from the victim's own browser, with the victim's cookies, and is otherwise well-formed. A rule that rejects state-changing requests whose Origin or Referer header is not your own site blocks the common case, but those headers are not always sent.
- Browsers that default cookies to SameSite=Lax will not attach the WordPress login cookie to a cross-site POST form submission, but they still attach it to top-level GET navigations, so any action the plugin performs on a GET request stays exposed. Do not rely on this instead of updating.
- A Content Security Policy on your site does not prevent CSRF. The forged request is issued from the attacker's page, where your policy does not apply.
- Telling users not to follow suspicious links is weak protection, because a single page visit while logged in is enough; deactivating the plugin until the update is installed removes the exposure entirely.
After updating, verify that the plugin's state-changing admin actions are rejected when submitted without a valid WordPress nonce (or with a stale one). Nonce verification, wp_nonce_field paired with check_admin_referer or wp_verify_nonce, is the standard WordPress defence against this bug class.
How to fix
Update to version 3.5.2, or a newer patched version.
Frequently asked questions
What is CVE-2025-62102 — CSRF in DoFollow Case by Case?
CVE-2025-62102 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the DoFollow Case by Case WordPress plugin, allowing attackers to perform unauthorized actions.
Am I affected by CVE-2025-62102 in DoFollow Case by Case?
You are affected if you run DoFollow Case by Case 3.5.1 or earlier. Upgrade to 3.5.2 or later to remove the risk.
How do I fix CVE-2025-62102 in DoFollow Case by Case?
Upgrade the DoFollow Case by Case plugin to version 3.5.2 or later. WAF rules on the Origin/Referer of state-changing requests and user awareness are partial safeguards only; deactivating the plugin until it is updated is the only complete workaround.
Is CVE-2025-62102 being actively exploited?
There are currently no confirmed reports of active exploitation, but the vulnerability is publicly known and could be targeted.
Where can I find the official DoFollow Case by Case advisory for CVE-2025-62102?
Refer to the plugin developer's website or the WordPress plugin repository for the official advisory and update information.