CVE-2025-10376: CWE-352 Cross-Site Request Forgery (CSRF) in ercbs Course Redirects for Learndash Plugin
The Course Redirects for Learndash plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4. This is due to missing nonce validation when processing form submissions on the settings page. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
AI Analysis (machine-generated threat intelligence)
Technical Summary
CVE-2025-10376 is a medium-severity Cross-Site Request Forgery (CSRF) vulnerability identified in the Course Redirects for Learndash plugin for WordPress, affecting all versions up to and including 0.4. The root cause is the absence of nonce validation during form submission processing on the plugin's settings page. Nonces are security tokens used in WordPress to verify that requests originate from legitimate users and not from forged sources. Without this validation, an attacker can craft a malicious link or webpage that, when visited by an authenticated site administrator, triggers unauthorized changes to the plugin’s settings. This vulnerability does not require the attacker to be authenticated, but it does require the administrator to perform an action such as clicking a link, which constitutes user interaction. The impact is limited to integrity, as attackers can alter plugin configurations, potentially redirecting course content or affecting user experience. Confidentiality and availability are not directly impacted. The CVSS 3.1 vector is AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N, reflecting network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, no confidentiality or availability impact, and limited integrity impact. No patches or exploits are currently reported, but the vulnerability is publicly disclosed as of October 2025. The plugin is used in WordPress environments that deploy Learndash for e-learning management, making educational institutions and online course providers the primary affected entities.
Potential Impact
The primary impact of this vulnerability is the unauthorized modification of plugin settings, which can lead to misconfiguration of course redirects in Learndash environments. This can disrupt the user experience by redirecting learners to unintended or malicious pages, potentially facilitating further attacks such as phishing or malware distribution. While confidentiality and availability are not directly compromised, the integrity breach could undermine trust in the e-learning platform and cause operational disruptions. Organizations relying on this plugin may face reputational damage and user dissatisfaction. Since exploitation requires tricking an administrator, social engineering risks increase. The vulnerability affects any WordPress site using the vulnerable plugin version, which could be widespread given the popularity of WordPress and Learndash in education sectors globally. Without mitigation, attackers could leverage this flaw to manipulate course flows or redirect users to harmful content, indirectly increasing risk exposure.
Mitigation Recommendations
To mitigate this vulnerability, organizations should immediately update the Course Redirects for Learndash plugin to a version that includes nonce validation once available. In the absence of an official patch, administrators can implement manual nonce checks in the plugin’s form processing code to ensure requests are legitimate. Additionally, restricting administrative access to trusted networks and enforcing multi-factor authentication (MFA) for admin accounts can reduce the risk of successful exploitation. Educating administrators about phishing and social engineering tactics is critical to prevent them from clicking malicious links. Web Application Firewalls (WAFs) can be configured to detect and block suspicious CSRF attempts targeting the plugin’s settings page. Regular security audits and monitoring of plugin configuration changes can help detect unauthorized modifications early. Finally, limiting the number of users with administrative privileges reduces the attack surface.
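As an added illustration (not code from the plugin, nor from this advisory), the handler below shows the WordPress nonce and capability checks the mitigation paragraph refers to, with the unprotected pattern beside the hardened one; the option name, action name and hook name are placeholders, not the plugin's real identifiers.

```php
<?php
// Added example, not the plugin's code. Option, action and hook names are
// placeholders chosen for illustration.

// Form rendering: wp_nonce_field() emits a hidden token bound to the action
// string and the logged-in user, which a cross-site page cannot read or forge.
function example_render_settings_form() {
    $redirect = get_option( 'example_course_redirect_url', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_save_settings">
        <?php wp_nonce_field( 'example_save_settings', 'example_nonce' ); ?>
        <input type="url" name="redirect_url" value="<?php echo esc_attr( $redirect ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// The CWE-352 pattern: the handler trusts any POST that arrives with the
// administrator's session cookie, so a forged cross-origin form is accepted.
function example_save_settings_unprotected() {
    $url = esc_url_raw( wp_unslash( $_POST['redirect_url'] ?? '' ) );
    update_option( 'example_course_redirect_url', $url );
}

// Hardened handler: check_admin_referer() stops the request (HTTP 403) unless
// the submitted nonce matches the action; current_user_can() enforces
// authorization separately, because a valid nonce only proves the request
// originated from this site's own form, not that the user may change settings.
function example_save_settings() {
    check_admin_referer( 'example_save_settings', 'example_nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    $url = isset( $_POST['redirect_url'] )
        ? esc_url_raw( wp_unslash( $_POST['redirect_url'] ) )
        : '';
    update_option( 'example_course_redirect_url', $url );
    wp_safe_redirect( add_query_arg( 'updated', '1', admin_url( 'admin.php?page=example-settings' ) ) );
    exit;
}
add_action( 'admin_post_example_save_settings', 'example_save_settings' );
```

Logging the user and request source inside the hardened handler, or watching `update_option` events for the plugin's option key, gives the configuration-change monitoring the recommendations mention.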
Affected Countries
United States, United Kingdom, Canada, Australia, Germany, France, India, Brazil, South Africa, Japan, Netherlands, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-09-12T15:44:43.342Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68ea263d5baaa01f1ca0ff96
Added to database: 10/11/2025, 9:41:17 AM
Last enriched: 2/27/2026, 6:24:00 PM
Last updated: 3/26/2026, 9:19:39 AM