Platform
wordpress
Component
facebook-photo-fetcher
Fixed in
3.0.5
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in JK Social Photo Fetcher, a WordPress plugin. This flaw allows attackers to potentially execute unauthorized actions on a user's account if they are tricked into clicking a malicious link. The vulnerability impacts versions from 0.0.0 up to and including 3.0.4. A patch is available to address this issue.
The CSRF vulnerability in JK Social Photo Fetcher allows an attacker to craft malicious requests that appear to originate from a legitimate user. If a user clicks on a specially crafted link, the attacker can potentially modify settings, delete data, or perform other actions as if they were the user. The impact is amplified if the user has administrative privileges, as the attacker could then gain control of the entire WordPress site. This vulnerability is similar to other CSRF flaws in WordPress plugins, where user interaction is required to trigger the attack.
This vulnerability was publicly disclosed on 2025-12-09. No public proof-of-concept (PoC) code has been released at the time of writing. The vulnerability is not currently listed on the CISA KEV catalog. The probability of exploitation is considered medium, given the relatively simple nature of CSRF attacks and the potential for widespread impact.
Websites using JK Social Photo Fetcher, particularly those with users who have administrative privileges or handle sensitive data, are at risk. Shared hosting environments where multiple websites share the same server resources are also at increased risk, as a compromise of one site could potentially lead to the compromise of others.
• wordpress / composer / npm:
grep -r 'facebook-photo-fetcher' /var/www/html/wp-content/plugins/
wp plugin list | grep 'facebook-photo-fetcher'
• generic web:
curl -sI https://your-wordpress-site.com/wp-content/plugins/facebook-photo-fetcher/readme.txt | head -n 1   # an HTTP 200 here only shows the plugin directory is publicly reachable; confirm the installed version from the plugin header or from wp plugin list
Disclosure
Exploit status
EPSS
0.02% (5th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-62872 is to upgrade to a patched version of JK Social Photo Fetcher. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) with CSRF protection rules to filter out malicious requests. Additionally, ensure users are aware of the risks of clicking on untrusted links and are encouraged to verify the authenticity of any requests before submitting them. There are no specific Sigma or YARA rules available for this particular vulnerability, but generic CSRF detection rules can be applied.
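To turn the detection commands above and the "upgrade to 3.0.5 or later" mitigation into a repeatable check, here is an added example (written for this advisory, not code from the plugin or the advisory site) that reads the plugin's header and compares the installed version against the fixed release. The plugin directory path and SAMPLE_HEADER are constructed assumptions.

```python
"""Report whether an installed facebook-photo-fetcher plugin is in the
CVE-2025-62872 affected range (0.0.0 to 3.0.4; fixed in 3.0.5).
Added example; plugin path and SAMPLE_HEADER below are constructed."""
import re
from pathlib import Path
from typing import Optional, Tuple

FIXED_VERSION = "3.0.5"             # first patched release per the advisory
PLUGIN_SLUG = "facebook-photo-fetcher"

# Constructed sample of a WordPress plugin header, the comment block at the
# top of a plugin's main PHP file; real headers carry more fields.
SAMPLE_HEADER = """<?php
/*
Plugin Name: JK Social Photo Fetcher
Version: 3.0.4
*/
"""

def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '3.0.4' or '3.0.5-beta1' into a comparable tuple of ints; any
    non-numeric suffix is dropped, so a pre-release compares like its base."""
    core = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not core:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in core.group(0).split("."))

def header_version(php_source: str) -> Optional[str]:
    """Extract the 'Version:' field from a WordPress plugin header comment."""
    m = re.search(r"^\s*\*?\s*Version:\s*(\S+)", php_source,
                  re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None

def is_affected(version: str) -> bool:
    """True when the installed version predates the fixed release."""
    return parse_version(version) < parse_version(FIXED_VERSION)

def check_plugin_dir(plugins_dir: str) -> dict:
    """Look for <plugins_dir>/facebook-photo-fetcher/*.php, read the plugin
    header, and report whether the installed version is in the affected range."""
    plugin_dir = Path(plugins_dir) / PLUGIN_SLUG
    if not plugin_dir.is_dir():
        return {"installed": False, "version": None, "affected": False}
    for php in sorted(plugin_dir.glob("*.php")):
        version = header_version(php.read_text(errors="ignore"))
        if version:
            return {"installed": True, "version": version,
                    "affected": is_affected(version)}
    return {"installed": True, "version": None, "affected": None}  # no header

if __name__ == "__main__":
    print(check_plugin_dir("/var/www/html/wp-content/plugins"))
```

Run it against the real wp-content/plugins directory; an "affected": True result means the site still needs the 3.0.5 upgrade, and "affected": None means the directory exists but no version header was found, which is worth checking by hand.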
No known patch is available. Please review the vulnerability details in depth and adopt mitigation measures based on your organization's risk tolerance. Uninstalling the affected software and finding a replacement may be the best option.
CVE-2025-62872 is a Cross-Site Request Forgery (CSRF) vulnerability in the JK Social Photo Fetcher WordPress plugin, allowing attackers to perform unauthorized actions.
You are affected if you are using JK Social Photo Fetcher versions 0.0.0 through 3.0.4. Upgrade to a patched version to resolve the issue.
Upgrade to the latest version of JK Social Photo Fetcher. If immediate upgrade is not possible, implement a WAF with CSRF protection.
There is no confirmed active exploitation of CVE-2025-62872 at this time, but the potential for exploitation exists due to the nature of CSRF vulnerabilities.
Check the official JK Social Photo Fetcher website or WordPress plugin repository for the latest advisory and patch information.