Platform: wordpress
Component: quick-interest-slider
Fixed version: 3.1.6
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Quick Interest Slider WordPress plugin. This flaw allows an attacker to trick authenticated users into performing actions they did not intend to, potentially leading to unauthorized modifications or deletions of data. The vulnerability impacts versions from 0.0.0 up to and including 3.1.5. A patch has been released in version 3.1.6.
Successful exploitation of this CSRF vulnerability could allow an attacker to modify settings, add or delete content, or perform other administrative actions within the Quick Interest Slider plugin, all under the context of a legitimate user's account. This could lead to defacement of the website, data breaches, or even complete compromise of the WordPress installation if the attacker can leverage the plugin's functionality to gain broader access. The impact is amplified if the plugin is used in conjunction with other sensitive functionalities on the website.
This vulnerability was publicly disclosed on 2025-12-16. No public proof-of-concept (POC) code has been identified at the time of writing. The EPSS score is currently pending evaluation, but given the public disclosure and the relatively straightforward nature of CSRF attacks, the probability of exploitation is assessed as medium. No known active campaigns targeting this vulnerability have been reported.
Websites utilizing the Quick Interest Slider plugin, particularly those with user accounts and administrative interfaces, are at risk. Shared hosting environments where plugin updates are managed centrally are also vulnerable if they haven't applied the update. Sites with legacy WordPress configurations or those lacking robust security practices are at higher risk.
• wordpress / composer / npm:
grep -r 'quick-interest-slider/includes/quick-interest-slider.php' /var/www/html/*
• wordpress / composer / npm:
wp plugin list | grep 'Quick Interest Slider'
• wordpress / composer / npm:
wp plugin update quick-interest-slider
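The grep and wp-cli checks above only establish that the plugin is present; the following added example (not part of the advisory) reads the plugin's Version header and decides whether the installed copy falls in the affected range 0.0.0 through 3.1.5. The plugin file path and the sample header are constructed for the demo, and version ordering relies on GNU sort -V.

```shell
#!/bin/sh
# Added example: version check for quick-interest-slider against the fixed
# release 3.1.6. The sample header below is constructed, not the real plugin.

FIXED_VERSION="3.1.6"

# Extract the version string from a WordPress plugin header block.
# Prints the version; returns 1 if no "Version:" line is found.
plugin_version() {
    v=$(sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1)
    [ -n "$v" ] || return 1
    printf '%s\n' "$v"
}

# Return 0 (true) when version $1 sorts strictly before the fixed version,
# i.e. the installed copy is in the affected range.
is_vulnerable() {
    [ "$1" != "$FIXED_VERSION" ] || return 1
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED_VERSION" | sort -V | head -n 1)
    [ "$lowest" = "$1" ]
}

# Report "VULNERABLE <version>" or "patched <version>" for one plugin file.
check_plugin_file() {
    v=$(plugin_version "$1") || { echo "no Version header in $1"; return 2; }
    if is_vulnerable "$v"; then echo "VULNERABLE $v"; else echo "patched $v"; fi
}

# Constructed stand-in for
# wp-content/plugins/quick-interest-slider/quick-interest-slider.php
sample=$(mktemp)
cat > "$sample" <<'EOF'
<?php
/*
 * Plugin Name: Quick Interest Slider
 * Version: 3.1.5
 */
EOF
check_plugin_file "$sample"
rm -f "$sample"
```

Point check_plugin_file at the real plugin's main file to get a definitive answer instead of a presence-only match.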
Exploitation status
EPSS: 0.02% (5th percentile)
CISA SSVC:
CVSS vector:
The primary mitigation is to upgrade the Quick Interest Slider plugin to version 3.1.6 or later, which contains the fix for this vulnerability. If immediate upgrading is not possible due to compatibility issues or breaking changes, consider implementing a Content Security Policy (CSP) to restrict the sources of scripts that can be executed on the website. Additionally, implement strict input validation and output encoding to prevent malicious data from being injected into the plugin's functionality. After upgrading, verify the fix by attempting to trigger a CSRF attack using a tool like Burp Suite and confirming that the request is blocked or fails.
Update to version 3.1.6 or a later fixed version.
CVE-2025-64237 is a Cross-Site Request Forgery vulnerability affecting the Quick Interest Slider WordPress plugin, allowing attackers to perform unauthorized actions.
You are affected if you are using Quick Interest Slider versions 0.0.0 through 3.1.5. Upgrade to 3.1.6 or later to mitigate the risk.
Upgrade the Quick Interest Slider plugin to version 3.1.6 or later. Consider implementing CSP and input validation as additional security measures.
No active exploitation campaigns have been confirmed, but the vulnerability is publicly disclosed and could be targeted.
Refer to the plugin developer's website or WordPress plugin repository for the official advisory and update information.