प्लेटफ़ॉर्म
adobe
घटक
animated-pixel-marquee-creator
में ठीक किया गया
1.0.1
CVE-2025-14062 describes a Cross-Site Request Forgery (CSRF) vulnerability affecting the Animated Pixel Marquee Creator plugin for WordPress. This flaw allows unauthenticated attackers to delete marquees if they can manipulate a site administrator into performing a forged action. The vulnerability impacts versions 1.0.0 and earlier, and a fix is expected to be released by the vendor.
The primary impact of this CSRF vulnerability is the unauthorized deletion of marquees within the WordPress site. An attacker could craft a malicious link that, when clicked by an administrator, triggers the deletion of marquees without the administrator's explicit consent. This could lead to data loss, disruption of site functionality, and potential defacement if marquees contain important information. While the impact is limited to the plugin's functionality, it highlights the importance of proper input validation and nonce protection in WordPress plugins.
This vulnerability was publicly disclosed on 2025-12-12. There are currently no known public proof-of-concept exploits available. The CVSS score of 4.3 (Medium) indicates a moderate probability of exploitation. It is not currently listed on the CISA KEV catalog.
WordPress sites using the Animated Pixel Marquee Creator plugin, particularly those with site administrators who are not vigilant about clicking on suspicious links, are at risk. Shared hosting environments where multiple users share the same server and WordPress installation are also potentially more vulnerable.
• wordpress / composer / npm:
grep -r 'marquee' /var/www/html/wp-content/plugins/animated-pixel-marquee-creator/• generic web:
curl -I https://example.com/wp-admin/admin-ajax.php?action=marquee_delete&marquee=X | grep -i '200 ok'disclosure
एक्सप्लॉइट स्थिति
EPSS
0.02% (3% शतमक)
CISA SSVC
CVSS वेक्टर
The primary mitigation for CVE-2025-14062 is to upgrade the Animated Pixel Marquee Creator plugin to a patched version as soon as it becomes available. Until a patch is released, consider implementing a Web Application Firewall (WAF) rule to filter out requests with missing or invalid nonces for the marquee deletion function. Additionally, restrict access to the plugin's administrative interface and educate administrators about the risks of clicking on suspicious links. Regularly review WordPress plugin installations and remove any unused or outdated plugins.
कोई ज्ञात पैच उपलब्ध नहीं है। कृपया भेद्यता (vulnerability) के विवरण की गहराई से समीक्षा करें और अपने संगठन के जोखिम सहनशीलता के आधार पर शमन (mitigations) लागू करें। प्रभावित सॉफ़्टवेयर को अनइंस्टॉल करना और एक प्रतिस्थापन खोजना सबसे अच्छा हो सकता है।
भेद्यता विश्लेषण और गंभीर अलर्ट सीधे आपके ईमेल में।
CVE-2025-14062 is a Cross-Site Request Forgery (CSRF) vulnerability in the Animated Pixel Marquee Creator WordPress plugin, allowing unauthorized deletion of marquees.
You are affected if you are using the Animated Pixel Marquee Creator plugin in WordPress version 1.0.0 or earlier.
Upgrade the Animated Pixel Marquee Creator plugin to the latest available version as soon as a patch is released. Implement WAF rules as a temporary workaround.
There are currently no confirmed reports of active exploitation, but the vulnerability is publicly known.
Check the plugin developer's website or the WordPress plugin repository for updates and advisories related to CVE-2025-14062.
अपनी डिपेंडेंसी फ़ाइल अपलोड करें और तुरंत जानें कि यह CVE और अन्य आपको प्रभावित करती हैं या नहीं।