Platform
wordpress
Component
simple-keyword-to-link
Fixed version
1.5.1
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Simple Keyword to Link plugin. This flaw allows attackers to potentially execute unauthorized actions on a user's account without their knowledge. The vulnerability affects versions from 0.0.0 up to and including 1.5. A fix is available in a later version.
The CSRF vulnerability in Simple Keyword to Link allows an attacker to craft malicious requests that appear to originate from a legitimate user. Successful exploitation could lead to unintended changes to keyword links, potentially impacting website functionality or SEO performance. An attacker could, for example, modify existing links or create new ones without the user's consent. The blast radius is limited to the scope of actions a user can perform within the plugin, but could still cause disruption or data manipulation.
As of the publication date (2025-12-24), there is no indication of active exploitation or a public proof-of-concept. The vulnerability is not currently listed on the CISA KEV catalog. The medium CVSS score suggests a moderate level of potential risk, warranting prompt attention and remediation.
Websites using the Simple Keyword to Link plugin, particularly those with user accounts that have administrative privileges or access to sensitive keyword link configurations, are at risk. Shared hosting environments where multiple websites share the same server resources could also be affected if one site is vulnerable and an attacker can leverage that to target other sites.
• wordpress / composer / npm:
grep -r "simple-keyword-to-link/simple-keyword-to-link.php" plugins/
• generic web:
curl -s -o /dev/null -w '%{http_code}\n' https://your-wordpress-site.com/wp-content/plugins/simple-keyword-to-link/simple-keyword-to-link.php
(an HTTP 200 response indicates the plugin's main file is present; a header-only request cannot reveal the plugin name, so the status code is the signal to look for)
Disclosure
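The grep check confirms only that the plugin file is present, not whether its version falls in the affected range. As an added example (not part of this advisory or the plugin's own code), the following POSIX shell script reads the `Version:` header that every WordPress plugin carries in its main file and compares it with the fixed version 1.5.1 stated in this advisory. The sample plugin file it writes into a temporary directory is constructed for the demonstration, and `sort -V` (GNU or BSD coreutils) is assumed for version ordering.

```shell
#!/bin/sh
# Added example, not the advisory's or the plugin's code: classify an installed
# copy of Simple Keyword to Link as vulnerable (version < 1.5.1) or patched by
# parsing the "Version:" header of its main plugin file.
FIXED_VERSION="1.5.1"   # fixed version taken from the advisory

# Print the value of the Version: header from a plugin main file ($1).
plugin_version() {
    sed -n 's/^[[:space:]]*\*\{0,1\}[[:space:]]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# Succeed (exit 0) if version $1 sorts strictly below version $2.
# Assumes sort -V (version sort) is available.
version_lt() {
    [ "$1" != "$2" ] && [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Print "vulnerable", "patched" or "unknown" for the plugin main file $1.
assess_plugin_file() {
    v=$(plugin_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"          # header missing or unparsable: inspect manually
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo "vulnerable"
    else
        echo "patched"
    fi
}

# Report every Simple Keyword to Link install under a wp-content/plugins dir ($1).
scan_plugins_dir() {
    for f in "$1"/simple-keyword-to-link/simple-keyword-to-link.php; do
        [ -f "$f" ] || continue
        printf '%s: %s (version %s)\n' "$f" "$(assess_plugin_file "$f")" "$(plugin_version "$f")"
    done
}

# Constructed sample plugin header (base dir $1, version string $2), used only
# so the script can be run offline against something realistic.
make_sample_plugin() {
    mkdir -p "$1/simple-keyword-to-link"
    cat > "$1/simple-keyword-to-link/simple-keyword-to-link.php" <<EOF
<?php
/*
Plugin Name: Simple Keyword to Link
Version: $2
*/
EOF
}

# Demo run: a constructed 1.5 install is reported as vulnerable.
demo_dir=$(mktemp -d)
make_sample_plugin "$demo_dir" "1.5"
scan_plugins_dir "$demo_dir"
rm -rf "$demo_dir"
```

Point `scan_plugins_dir` at a real `wp-content/plugins` directory to report installed copies; a result of `unknown` means the header could not be parsed and warrants a manual look rather than being treated as safe.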
Exploit status
EPSS
0.02% (6th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-68573 is to upgrade to a patched version of the Simple Keyword to Link plugin. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) with CSRF protection rules. Additionally, ensure that users are educated about the risks of clicking on suspicious links. There are no specific configuration workarounds beyond standard CSRF prevention best practices. After upgrade, confirm by reviewing the plugin's settings and verifying that no unauthorized changes have been made.
No known fix patch is available. Review the vulnerability details carefully and apply mitigations based on your organization's risk tolerance. Uninstalling the affected software and finding an alternative may be the best course.
CVE-2025-68573 is a Cross-Site Request Forgery (CSRF) vulnerability affecting versions 0.0.0–1.5 of the Simple Keyword to Link WordPress plugin, allowing attackers to perform unauthorized actions.
You are affected if your WordPress site uses the Simple Keyword to Link plugin and is running version 0.0.0 through 1.5. Upgrade immediately.
Upgrade the Simple Keyword to Link plugin to a version containing the fix. If immediate upgrade is not possible, implement a WAF with CSRF protection.
As of the publication date, there is no evidence of active exploitation or public proof-of-concept for CVE-2025-68573.
Check the Simple Keyword to Link plugin's official website or WordPress plugin repository for updates and security advisories related to CVE-2025-68573.