
CVE-2025-10376: CWE-352 Cross-Site Request Forgery (CSRF) in ercbs Course Redirects for Learndash Plugin

Severity: Medium
Published: Sat Oct 11 2025 (10/11/2025, 09:28:42 UTC)
Source: CVE Database V5
Vendor/Project: ercbs
Product: Course Redirects for Learndash Plugin

Description

The Course Redirects for Learndash plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4. This is due to missing nonce validation when processing form submissions on the settings page. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.

AI-Powered Analysis

AILast updated: 10/11/2025, 09:59:47 UTC

Technical Analysis

CVE-2025-10376 identifies a Cross-Site Request Forgery (CSRF) vulnerability in the Course Redirects for Learndash plugin for WordPress, a tool used to manage course redirection settings within the Learndash e-learning ecosystem. The vulnerability exists in all versions up to and including 0.4 because the handler that processes form submissions on the plugin's settings page does not validate a WordPress nonce. A WordPress nonce is a keyed hash (created with wp_create_nonce() or wp_nonce_field() and checked with wp_verify_nonce() or check_admin_referer()) that is bound to a specific action, to the logged-in user's session and to a time window of up to 24 hours; a form that carries one and a handler that verifies it together prove that the submission came from a page the site itself served to that user. Without the check, the handler accepts any request that arrives with a valid administrator session cookie, and browsers attach that cookie to requests that other sites trigger. An attacker can therefore host a page or link that, when visited by a logged-in administrator, makes the administrator's browser submit a settings-changing request without the administrator's knowledge. The attack requires user interaction (visiting the attacker's page or link) but no authentication by the attacker, so the realistic delivery path is phishing or social engineering aimed at site administrators. The impact is confined to the integrity of the plugin's configuration; confidentiality and availability are not affected. The CVSS 3.1 score of 4.3 (Medium) corresponds to a network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope and a low impact on integrity only. No public exploit has been reported at the time of writing, but the issue is published and should be addressed promptly.
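To make the missing check concrete, the following is an added example and not code from the Course Redirects for Learndash plugin: a settings handler written the way the advisory describes (it writes whatever arrives in the POST body) beside the hardened form WordPress core expects, where the form renders a nonce and the handler verifies it and checks the caller's capability before touching the option. The hook, option, field and page-slug names prefixed `crl_` are hypothetical.

```php
<?php
// Added example, not the plugin's own code. All crl_* names are hypothetical.

// --- Vulnerable pattern (what the advisory describes). ---
// Any POST that reaches this runs with the requesting browser's cookies.
// A logged-in administrator's browser will attach the WordPress auth cookie
// to a request that another site triggers, so attacker-chosen values are saved.
function crl_save_settings_vulnerable() {
    if ( isset( $_POST['crl_redirect_url'] ) ) {
        update_option( 'crl_redirect_url', $_POST['crl_redirect_url'] );
    }
}
// (Typically wired up with add_action( 'admin_init', ... ) or run inline on the
//  settings page; not registered here on purpose.)

// --- Hardened pattern. ---
// 1) The form carries a nonce bound to the action 'crl_save_settings' and to the
//    current user's session. wp_nonce_field() also emits a _wp_http_referer field.
function crl_render_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="crl_save_settings">
        <?php wp_nonce_field( 'crl_save_settings', 'crl_nonce' ); ?>
        <label>Redirect URL
            <input type="url" name="crl_redirect_url"
                   value="<?php echo esc_attr( get_option( 'crl_redirect_url', '' ) ); ?>">
        </label>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// 2) The handler refuses the request unless the nonce verifies AND the user may
//    manage options. check_admin_referer() calls wp_die() when the nonce is missing
//    or invalid, so nothing below it runs for a forged request.
function crl_save_settings_hardened() {
    check_admin_referer( 'crl_save_settings', 'crl_nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 'Forbidden', array( 'response' => 403 ) );
    }
    $url = isset( $_POST['crl_redirect_url'] )
        ? esc_url_raw( wp_unslash( $_POST['crl_redirect_url'] ) )
        : '';
    update_option( 'crl_redirect_url', $url );
    wp_safe_redirect( admin_url( 'options-general.php?page=crl-settings&settings-updated=true' ) );
    exit;
}
// admin_post_{action} fires for logged-in users posting to wp-admin/admin-post.php.
add_action( 'admin_post_crl_save_settings', 'crl_save_settings_hardened' );
```

Two points worth keeping apart: the nonce proves intent (the request came from a form the site rendered for this user), while current_user_can() proves authorization; neither replaces the other. A WordPress nonce is also not single-use: it stays valid for the current and previous 12-hour tick, so a leaked nonce remains usable for up to 24 hours, which is why it must never appear in a URL that can be logged or shared.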

Potential Impact

For European organizations, the primary impact of this vulnerability is the unauthorized modification of plugin settings, which could misconfigure course redirection behaviour in e-learning platforms. Because the plugin's purpose is to redirect learners, a tampered configuration could send users to unintended or attacker-controlled sites, which in turn enables phishing or malware distribution against a population that trusts the training platform. Confidentiality and availability are not directly affected, but the integrity compromise can undermine trust in the e-learning environment and disrupt the user experience. Organizations relying on Learndash and this plugin for mandatory training or compliance programmes may face operational disruption or reputational damage. An attacker could also use the settings change as one step in a longer chain if combined with other vulnerabilities or social engineering. The risk is higher where the targeted accounts hold administrator privileges and are reachable by spear-phishing, since the forged request executes with whatever rights the victim's session has. Given the widespread use of WordPress and e-learning platforms in Europe, the vulnerability is a tangible risk to educational institutions, corporate training departments and other organizations using Learndash.

Mitigation Recommendations

To mitigate this vulnerability, first check whether the vendor has released a version later than 0.4 that adds nonce validation to the settings handler, and apply it as soon as it is available; the advisory covers every version up to and including 0.4, so any later release should be verified to contain the fix rather than assumed to. If no fixed version exists, deactivating the plugin until one ships is the safest option; teams that maintain their own WordPress code can alternatively add a check_admin_referer() call (paired with a current_user_can() check) to the plugin's form handler as a local patch, bearing in mind that the change is lost on the next plugin update. Do not rely on browser SameSite cookie defaults: WordPress does not set SameSite on its authentication cookies, and the Lax-by-default behaviour some browsers apply is neither universal nor complete. Multi-factor authentication on administrator accounts is good practice against credential theft, but it does not stop this attack, because the forged request rides on an administrator who is already authenticated. Administrator awareness still matters: the attack triggers when a logged-in administrator visits any page the attacker controls, so administrators should avoid browsing untrusted sites from a browser session that is logged in to wp-admin, and should use a separate browser profile for site administration where practical. A web application firewall or a site-level rule can provide a stopgap by rejecting POST requests to wp-admin endpoints whose Origin (or, failing that, Referer) header does not match the site's own origin, which is what a CSRF request from another site looks like on the wire. Regularly audit plugin configuration, in particular the redirect targets, and monitor for unexpected option changes. Where possible, isolate the WordPress environment hosting Learndash to limit what a tampered redirect can reach. Finally, consider alternative plugins with a better security track record if timely patching is not feasible.
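The origin-check stopgap described above can be applied at the site level without touching the vulnerable plugin. The following is an added example, not code from the plugin or from WordPress core: a must-use plugin that rejects POST requests to wp-admin whose Origin header (or Referer, when Origin is absent) is not this site's admin origin. The file path and the `ocs_` function names are assumptions; the WordPress functions used (wp_parse_url, admin_url, wp_doing_cron, wp_die, add_action) are real core APIs.

```php
<?php
/**
 * Plugin Name: CSRF Origin Check (stopgap)
 * Description: Added example, not the plugin's or WordPress core's code. Rejects
 * state-changing admin requests whose Origin/Referer is not this site. Drop it
 * in wp-content/mu-plugins/ (assumed standard install layout) so it loads before
 * regular plugins and cannot be deactivated from the dashboard.
 */

// True when $header_url's scheme, host and port match the admin origin.
function ocs_is_same_origin( $header_url ) {
    $site = wp_parse_url( admin_url() );
    $hdr  = wp_parse_url( $header_url );
    if ( empty( $hdr['host'] ) || empty( $site['host'] ) ) {
        return false; // 'null', empty or unparsable values fail closed
    }
    $normalize = function ( $p ) {
        $scheme = isset( $p['scheme'] ) ? strtolower( $p['scheme'] ) : 'https';
        $port   = isset( $p['port'] ) ? (int) $p['port'] : ( 'http' === $scheme ? 80 : 443 );
        return $scheme . '://' . strtolower( $p['host'] ) . ':' . $port;
    };
    return $normalize( $site ) === $normalize( $hdr );
}

function ocs_enforce_origin() {
    // Only state-changing requests matter for CSRF; GETs are left alone.
    if ( 'POST' !== ( $_SERVER['REQUEST_METHOD'] ?? 'GET' ) ) {
        return;
    }
    // WP-Cron and WP-CLI carry no browser headers and are not CSRF vectors.
    if ( wp_doing_cron() || ( defined( 'WP_CLI' ) && WP_CLI ) ) {
        return;
    }
    // Browsers send Origin on every POST; Referer is the fallback for older clients.
    $origin = $_SERVER['HTTP_ORIGIN'] ?? $_SERVER['HTTP_REFERER'] ?? '';
    if ( ! ocs_is_same_origin( $origin ) ) {
        // Record the rejection so the attempt shows up in the web server error log.
        error_log( sprintf(
            'csrf-origin-check: rejected POST to %s from origin "%s"',
            $_SERVER['REQUEST_URI'] ?? '?',
            $origin
        ) );
        wp_die( 'Cross-site request rejected.', 'Forbidden', array( 'response' => 403 ) );
    }
}
// admin_init fires for wp-admin pages, admin-post.php and admin-ajax.php alike.
add_action( 'admin_init', 'ocs_enforce_origin' );
```

This is a compensating control, not a fix: it blocks the cross-site delivery path but leaves the missing nonce check in place, so the plugin should still be updated or removed. Two deployment caveats: if WordPress sits behind a reverse proxy that rewrites the Host header, admin_url() may not match what browsers send, so test with a legitimate settings save before leaving it in place; and a `Referrer-Policy: no-referrer` on admin pages makes browsers send `Origin: null` on same-origin POSTs, which this check deliberately rejects (WordPress core's default admin policy, strict-origin-when-cross-origin, keeps the full Origin on same-origin HTTPS requests).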


Technical Details

Data Version
5.1
Assigner Short Name
Wordfence
Date Reserved
2025-09-12T15:44:43.342Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68ea263d5baaa01f1ca0ff96

Added to database: 10/11/2025, 9:41:17 AM

Last enriched: 10/11/2025, 9:59:47 AM

Last updated: 10/16/2025, 12:37:29 PM

