WordPress DoFollow Case by Case plugin <= 3.5.1 - Cross Site Request Forgery (CSRF) vulnerability
Platform
wordpress
Component
dofollow-case-by-case
Fixed in
3.5.2
CVE-2025-62102 identifies a Cross-Site Request Forgery (CSRF) vulnerability within the DoFollow Case by Case WordPress plugin. This flaw allows an attacker to potentially execute unauthorized actions on a user's account without their knowledge or consent. The vulnerability impacts versions from 0.0.0 through 3.5.1, but a fix is available in version 3.6.0.
Impact and Attack Scenarios
A successful CSRF attack could allow an attacker to manipulate user data, change settings, or perform other actions as if they were the legitimate user. This could lead to account compromise, data breaches, or unauthorized modifications to the website's functionality. The impact is amplified if the affected user has administrative privileges, potentially granting the attacker control over the entire WordPress site. While the CVSS score is medium, the ease of exploitation and potential for significant impact make this a concerning vulnerability.
Exploitation Context
CVE-2025-62102 was publicly disclosed on December 9, 2025. There are currently no known public proof-of-concept exploits available. The vulnerability is not listed on the CISA KEV catalog at the time of this writing. The medium CVSS score suggests a moderate probability of exploitation, particularly if the plugin is widely used and the affected versions are still in active deployment.
Who Is at Risk
Websites using the DoFollow Case by Case plugin, particularly those running older versions (0.0.0–3.5.1), are at risk. Shared hosting environments where plugin updates are managed centrally are also particularly vulnerable, as they may not be immediately updated when a new version is released.
Detection Steps
• wordpress / composer / npm: grep -r "dofollow-case-by-case" /var/www/html/
• wordpress / composer / npm: wp plugin list | grep dofollow-case-by-case
• wordpress / composer / npm: wp plugin update dofollow-case-by-case
Attack Timeline
- Disclosure
Threat Intelligence
Exploit Status
EPSS
0.02% (5th percentile)
CISA SSVC
CVSS vector
What do these metrics mean?
- Attack Vector
- Network: exploitable remotely over the internet. No physical or local access required.
- Attack Complexity
- Low: no special conditions required. Reliably exploitable.
- Privileges Required
- None: no authentication required to exploit.
- User Interaction
- Required: the victim must open a file, click a link or visit a page.
- Scope
- Unchanged: impact limited to the vulnerable component.
- Confidentiality
- None: no confidentiality impact.
- Integrity
- Low: the attacker can modify some data to a limited extent.
- Availability
- None: no availability impact.
Affected Software
Package Information
- Active installations
- 1K (Niche)
- Plugin rating
- 4.0
- Requires WordPress
- 4.0+
- Tested up to
- 6.9.4
Weakness Classification (CWE)
Timeline
- Reserved
- Published
- Modified
- EPSS updated
Mitigation and Workarounds
The primary mitigation for CVE-2025-62102 is to immediately upgrade the DoFollow Case by Case plugin to version 3.6.0 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider implementing a Web Application Firewall (WAF) with CSRF protection rules. Additionally, ensure that users are educated about the risks of clicking on suspicious links or visiting untrusted websites. Implement a Content Security Policy (CSP) to restrict the sources from which the browser can load resources, further reducing the attack surface. After upgrading, verify the fix by attempting to trigger a CSRF attack using a known payload and confirming that the action is blocked.
How to Fix
Update to version 3.6.0 or a newer patched version
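The detection and fix steps above identify the plugin by name only. The following added example (not code from the advisory or from the plugin's author) checks the installed version against the affected range 0.0.0 through 3.5.1 given above, so a post-upgrade check is not fooled by string ordering (3.10.0 sorts before 3.5.1 as text). It assumes GNU `sort -V` and, for the live check only, wp-cli's `wp plugin get --field=version`.

```shell
#!/bin/sh
# Added example, not part of the advisory: decide whether an installed
# DoFollow Case by Case version is inside the affected range 0.0.0 - 3.5.1.
# Assumes GNU sort (for -V) and, for check_site only, wp-cli on the host.

AFFECTED_MAX="3.5.1"   # highest affected version named in the advisory

# version_le A B: succeed when A <= B in version order (so 3.10.0 > 3.5.1,
# which a plain string comparison would get wrong).
version_le() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# header_version: read the "Version:" field of a plugin main file from
# stdin, e.g. a line " * Version: 3.5.1" inside the plugin header comment.
header_version() {
  sed -n 's/^[[:space:]]*\*\{0,1\}[[:space:]]*Version:[[:space:]]*//p' \
    | head -n 1 | tr -d '\r'
}

# is_affected VERSION: exit 0 = affected, 1 = not affected, 2 = unknown
is_affected() {
  [ -n "$1" ] || return 2
  version_le "$1" "$AFFECTED_MAX"
}

# check_site: query wp-cli for the live version when run on a WordPress host.
check_site() {
  v=$(wp plugin get dofollow-case-by-case --field=version 2>/dev/null)
  if is_affected "$v"; then
    echo "dofollow-case-by-case $v is affected by CVE-2025-62102"
    return 1
  fi
  echo "dofollow-case-by-case ${v:-not installed} is outside the affected range"
}
```

Run `check_site` from the WordPress root after updating; a non-zero exit means the installed version is still in the affected range.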
Frequently Asked Questions
What is CVE-2025-62102 — CSRF in DoFollow Case by Case?
CVE-2025-62102 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the DoFollow Case by Case WordPress plugin, allowing attackers to perform unauthorized actions.
Am I affected by CVE-2025-62102 in DoFollow Case by Case?
You are affected if you are using DoFollow Case by Case plugin versions 0.0.0 through 3.5.1. Upgrade to 3.6.0 or later to mitigate the risk.
How do I fix CVE-2025-62102 in DoFollow Case by Case?
Upgrade the DoFollow Case by Case plugin to version 3.6.0 or later. Consider WAF rules and user education as additional safeguards.
Is CVE-2025-62102 being actively exploited?
There are currently no confirmed reports of active exploitation, but the vulnerability is publicly known and could be targeted.
Where can I find the official DoFollow Case by Case advisory for CVE-2025-62102?
Refer to the plugin developer's website or the WordPress plugin repository for the official advisory and update information.