Platform
wordpress
Component
rtl-tester
Fixed in
1.2.1
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the RTL Tester WordPress plugin. This flaw allows an attacker to trick authenticated users into performing actions they did not intend to, potentially leading to unauthorized modifications or deletions within the plugin's functionality. The vulnerability affects versions from 0.0.0 up to and including 1.2. A fix is available via plugin update.
The CSRF vulnerability in RTL Tester allows an attacker to craft a request that the victim's browser submits with the victim's WordPress session cookies attached, so the plugin treats it as a legitimate action by that user. If a user is logged into WordPress and visits a page the attacker controls (or follows a link from one) that contains a crafted request targeting RTL Tester, the request is executed with that user's privileges. Against this plugin that means modifying RTL Tester settings or deleting test configurations. Because CSRF is a one-way attack, the attacker cannot read the response, so disclosure of data managed by the plugin is not in scope. The blast radius is limited to the actions the victim can perform within the RTL Tester plugin itself, but successful exploitation can disrupt testing workflows or compromise the integrity of the plugin's configuration.
As of the publication date (2025-12-16), there is no indication of active exploitation of CVE-2025-64239. No public proof-of-concept (POC) code has been released. The vulnerability is not currently listed on the CISA KEV catalog. The medium CVSS score suggests a moderate level of potential risk, and monitoring for exploitation is recommended.
WordPress websites utilizing the RTL Tester plugin, particularly those running vulnerable versions (0.0.0–1.2), are at risk. Shared hosting environments where plugin updates are managed centrally should be prioritized for remediation. Developers integrating RTL Tester into custom WordPress themes or plugins also need to address this vulnerability.
• wordpress / composer / npm (plugin present on disk, active or not): grep -r "rtl-tester/rtl-tester.php" /var/www/html/
• wordpress / composer / npm (inactive installs still ship the vulnerable code): wp plugin list --status=inactive | grep rtl-tester
• wordpress / composer / npm (installed version; anything below 1.2.1 is affected): wp plugin list | grep rtl-tester
Exploit Status
EPSS
0.02% (5th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-64239 is to upgrade the RTL Tester plugin to 1.2.1 or later, the version that contains the fix. If upgrading immediately is not feasible due to compatibility concerns or testing requirements, a Web Application Firewall (WAF) rule can reduce exposure by rejecting state-changing requests to the plugin's endpoints (for WordPress plugins these are typically admin-post.php or admin-ajax.php actions) whose Origin or Referer header does not match the site, or which carry no _wpnonce parameter at all. A WAF cannot validate the nonce itself, so this is a stopgap, not a fix. Additionally, ensure users are educated about the risks of following links from untrusted sources while logged in to WordPress. After upgrading, verify the fix by capturing a legitimate settings-save request with a tool like Burp Suite, replaying it with the _wpnonce parameter removed or altered, and confirming that WordPress rejects it (a 403 "The link you followed has expired" response) instead of applying the change.
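The advisory does not publish the affected handler, so the following is an added illustration of the pattern behind a WordPress plugin CSRF and its fix, not RTL Tester's own code. The option name rtl_tester_enabled, the action rtl_tester_save and the settings page slug are assumptions chosen for the example. The "before" handler applies any POST that reaches it; the "after" handler requires a nonce bound to the action and the user's session, and checks the capability the action needs.

```php
<?php
/*
 * Added example, not code from the RTL Tester plugin. The option name
 * 'rtl_tester_enabled', the admin-post action 'rtl_tester_save' and the
 * settings page slug 'rtl-tester' are hypothetical.
 */

// BEFORE (vulnerable): an attacker's page can auto-submit a form to
// wp-admin/admin-post.php?action=rtl_tester_save. The victim's browser attaches
// the WordPress session cookies, and nothing here proves the user intended it.
function rtl_tester_save_vulnerable() {
    if ( isset( $_POST['rtl_enabled'] ) ) {
        update_option( 'rtl_tester_enabled', (bool) $_POST['rtl_enabled'] );
    }
    wp_safe_redirect( admin_url( 'options-general.php?page=rtl-tester' ) );
    exit;
}

// AFTER (hardened): capability check plus nonce verification.
// check_admin_referer() ends the request with a 403 "The link you followed has
// expired" page when _wpnonce is missing, stale, or minted for another action
// or user; a cross-site form cannot obtain a valid one.
function rtl_tester_save_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', 403 );
    }
    check_admin_referer( 'rtl_tester_save', '_wpnonce' );

    $enabled = isset( $_POST['rtl_enabled'] )
        && '1' === sanitize_text_field( wp_unslash( $_POST['rtl_enabled'] ) );
    update_option( 'rtl_tester_enabled', $enabled );

    wp_safe_redirect( admin_url( 'options-general.php?page=rtl-tester' ) );
    exit;
}

// The legitimate settings form must emit the matching nonce field so that
// genuine submissions carry it.
function rtl_tester_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="rtl_tester_save">
        <?php wp_nonce_field( 'rtl_tester_save', '_wpnonce' ); ?>
        <label>
            <input type="checkbox" name="rtl_enabled" value="1"
                <?php checked( get_option( 'rtl_tester_enabled' ) ); ?>>
            Enable RTL mode
        </label>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// Only the hardened handler is wired up; the vulnerable one is kept for contrast.
add_action( 'admin_post_rtl_tester_save', 'rtl_tester_save_hardened' );
```

To verify a fix of this shape, submit the form once through the browser, capture the request in Burp, and replay it in Repeater with _wpnonce deleted: the hardened handler returns 403 and the option is unchanged, whereas the vulnerable handler would redirect and persist the new value.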
A patch is available: version 1.2.1 of the plugin contains the fix. Where the update cannot be applied promptly, review the vulnerability details in depth and implement mitigations based on your organization's risk tolerance; uninstalling the plugin until it can be updated is a reasonable option on sites that do not need it.
CVE-2025-64239 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the RTL Tester WordPress plugin, allowing attackers to perform unauthorized actions as logged-in users.
You are affected if your WordPress site uses RTL Tester version 0.0.0 through 1.2. Check your plugin versions and update immediately.
Upgrade the RTL Tester plugin to 1.2.1 or later, the version that contains the fix for this CSRF vulnerability. Consider WAF rules as a temporary workaround until the update is applied.
As of December 16, 2025, there is no evidence of active exploitation, but monitoring is recommended.
Check the RTL Tester plugin's official website or WordPress plugin repository for the advisory and update information.