CVE-2025-12402 is a medium-severity CSRF vulnerability in the LinkedIn Resume plugin for WordPress developed by bondnono, affecting all versions up to and including 2.00. The vulnerability stems from the linkedinresume_printAdminPage() function lacking proper nonce validation, a security mechanism designed to prevent unauthorized requests. Without this validation, attackers can craft malicious requests that, when executed by an authenticated administrator (via clicking a link or visiting a malicious page), cause unauthorized changes to plugin settings or injection of malicious web scripts. This attack does not require the attacker to be authenticated but does require user interaction from an administrator. The vulnerability impacts the confidentiality and integrity of the affected WordPress site by allowing unauthorized configuration changes and potential script injection, which could lead to further exploitation such as privilege escalation or data leakage. The CVSS 3.1 score is 6.1, reflecting network-based attack vector, low complexity, no privileges required, user interaction required, and a scope change due to the potential impact beyond the vulnerable component. No patches or fixes are currently linked, and no known exploits have been observed in the wild, but the risk remains significant for sites using this plugin. The vulnerability was publicly disclosed on November 4, 2025, and was assigned by Wordfence.

The vulnerability allows attackers to perform unauthorized actions on WordPress sites running the LinkedIn Resume plugin by exploiting CSRF to manipulate plugin settings and inject malicious scripts. This can compromise site confidentiality by exposing sensitive configuration data and integrity by altering plugin behavior or injecting harmful code. While availability is not directly impacted, injected scripts could facilitate further attacks such as cross-site scripting (XSS), session hijacking, or malware distribution. Organizations relying on this plugin risk administrative account compromise and potential broader site control loss if exploited. The attack requires tricking an administrator into clicking a malicious link, which is feasible through phishing or social engineering. Given the widespread use of WordPress and the popularity of resume-related plugins, numerous websites, especially those showcasing professional profiles or recruitment portals, could be targeted. The vulnerability could also serve as a foothold for attackers to pivot into more critical infrastructure or steal user data, impacting business reputation and compliance with data protection regulations.

To mitigate this vulnerability, organizations should immediately verify if their WordPress sites use the LinkedIn Resume plugin by bondnono and identify the version installed. Since no official patch links are available, administrators should consider disabling or uninstalling the plugin until a secure update is released. If disabling is not feasible, implement web application firewall (WAF) rules to detect and block CSRF attack patterns targeting the plugin’s admin page. Additionally, enforce strict administrator browsing policies to avoid clicking untrusted links and educate admins about phishing risks. Site owners can also implement multi-factor authentication (MFA) for admin accounts to reduce the risk of session hijacking. Monitoring administrative actions and plugin settings for unexpected changes can help detect exploitation attempts. Finally, regularly check for updates from the vendor or security advisories to apply patches promptly once available.