CVE-2025-10376 identifies a Cross-Site Request Forgery (CSRF) vulnerability in the Course Redirects for Learndash plugin for WordPress, affecting all versions up to and including 0.4. The vulnerability stems from the plugin's failure to implement nonce validation on form submissions within its settings page. Nonces are security tokens used to verify that requests originate from legitimate users and not from malicious third-party sites. Without this validation, an attacker can craft a malicious web page or email containing a forged request that, when an authenticated site administrator interacts with it (e.g., by clicking a link), causes unintended changes to the plugin’s configuration. This can lead to unauthorized modification of course redirect settings, potentially altering user navigation or access flows within the LMS environment. The CVSS v3.1 score of 4.3 reflects a medium severity, with the vector indicating network attack vector, low attack complexity, no privileges required, but user interaction necessary, and impact limited to integrity (no confidentiality or availability impact). The vulnerability does not require authentication but depends on social engineering to trick an administrator. Currently, no public exploits or patches have been reported, but the risk remains significant for sites with exposed administrative interfaces. Given the widespread use of WordPress and Learndash in e-learning platforms, this vulnerability could be leveraged to disrupt course management or redirect users to malicious content if exploited.

For European organizations, the impact primarily concerns the integrity of their e-learning platform configurations. Unauthorized changes to course redirects could mislead users, potentially exposing them to phishing or malware sites, or disrupting the learning experience. While confidentiality and availability are not directly affected, the trustworthiness and operational reliability of LMS platforms could be compromised. This may lead to reputational damage, user dissatisfaction, and potential compliance issues, especially for institutions bound by data protection regulations like GDPR if user data is indirectly exposed through redirected malicious content. Organizations relying heavily on WordPress-based LMS solutions, particularly those using the Learndash plugin with the vulnerable Course Redirects add-on, face increased risk. The attack requires social engineering to succeed, so organizations with less mature security awareness programs for administrators are more vulnerable. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers often develop exploits after public disclosure.

Immediate mitigation involves restricting administrative access to trusted personnel and enforcing multi-factor authentication (MFA) for WordPress admin accounts to reduce the risk of compromised credentials. Administrators should be trained to recognize phishing attempts and avoid clicking on suspicious links. Since no official patch is currently available, organizations can implement web application firewall (WAF) rules to detect and block suspicious POST requests to the plugin’s settings page. Additionally, site owners can manually add nonce validation to the plugin’s form processing code if feasible, or temporarily disable the Course Redirects feature until a patch is released. Regular backups of WordPress configurations and databases should be maintained to enable quick restoration if unauthorized changes occur. Monitoring administrative actions and plugin settings for unexpected changes can help detect exploitation attempts early. Finally, organizations should subscribe to security advisories from the plugin vendor and WordPress security communities to apply patches promptly once released.