Platform
wordpress
Component
bmlt-wordpress-satellite-plugin
Opgelost in
3.11.5
3.11.5
A Cross-Site Request Forgery (CSRF) vulnerability exists in the BMLT WordPress Satellite plugin for WordPress. This flaw, present in versions up to and including 3.11.4, stems from insufficient nonce validation during the creation and deletion of plugin options. Successful exploitation allows unauthenticated attackers to manipulate plugin settings by tricking a site administrator into performing malicious actions.
The primary impact of this CSRF vulnerability is the ability for an attacker to modify the BMLT WordPress Satellite plugin's configuration without authentication. By crafting malicious links or forms, an attacker can induce a site administrator to unknowingly execute actions that create or delete plugin options. This could lead to unauthorized changes in plugin behavior, potentially impacting site functionality or exposing sensitive data. While the direct data at risk is limited to plugin-specific settings, the ability to alter plugin behavior could have broader consequences depending on the plugin's functionality and integration with other site components. This vulnerability shares similarities with other CSRF exploits where user interaction is required to trigger the malicious action.
CVE-2025-14162 was publicly disclosed on December 11, 2025. There is no indication of this vulnerability being actively exploited in the wild at this time. The EPSS score is likely to be low to medium, given the requirement for user interaction (tricking an administrator) and the relatively limited scope of potential impact. No public proof-of-concept exploits have been identified as of the disclosure date.
WordPress websites utilizing the BMLT WordPress Satellite plugin, particularly those with administrator accounts that are not adequately protected with strong passwords and multi-factor authentication, are at risk. Shared hosting environments where multiple websites share the same server resources are also potentially vulnerable, as a compromise of one site could potentially impact others.
• wordpress / composer / npm:
grep -r 'BMLTPlugin_create_option' /var/www/html/wp-content/plugins/• wordpress / composer / npm:
wp plugin list | grep BMLT• wordpress / composer / npm:
wp plugin update --all• generic web: Check for suspicious URLs containing plugin-specific parameters in access logs. • generic web: Inspect HTTP requests for unexpected POST requests targeting plugin endpoints.
disclosure
Exploit Status
EPSS
0.02% (3% percentiel)
CISA SSVC
CVSS-vector
The recommended mitigation is to immediately upgrade the BMLT WordPress Satellite plugin to a version newer than 3.11.4, where the vulnerability has been addressed. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing a Web Application Firewall (WAF) with CSRF protection rules to filter out malicious requests. Additionally, ensure that all administrator accounts have strong, unique passwords and that multi-factor authentication is enabled. Regularly review plugin settings for any unauthorized modifications. There are no specific Sigma or YARA rules readily available for this particular vulnerability, but generic CSRF detection rules can be applied.
Geen bekende patch beschikbaar. Bestudeer de details van de kwetsbaarheid grondig en pas mitigaties toe op basis van de risicotolerantie van uw organisatie. Het kan het beste zijn om de getroffen software te verwijderen en een vervanging te zoeken.
Kwetsbaarheidsanalyses en kritieke waarschuwingen direct in uw inbox.
CVE-2025-14162 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the BMLT WordPress Satellite plugin versions up to 3.11.4, allowing attackers to manipulate plugin settings.
You are affected if your WordPress site uses the BMLT WordPress Satellite plugin version 3.11.4 or earlier. Upgrade to a patched version to resolve the vulnerability.
Upgrade the BMLT WordPress Satellite plugin to a version newer than 3.11.4. Consider implementing a WAF and enabling multi-factor authentication for administrator accounts as interim measures.
As of December 11, 2025, there is no public evidence of CVE-2025-14162 being actively exploited in the wild.
Refer to the BMLT WordPress Satellite plugin's official website or WordPress plugin repository for the latest advisory and update information.
Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.
Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.