CVE-2025-31769 describes a Cross-Site Request Forgery (CSRF) vulnerability in the NiteoThemes CLP – Custom Login Page plugin for WordPress, affecting versions up to 1.5.5. CSRF vulnerabilities enable attackers to induce authenticated users to perform unwanted actions without their consent. The vulnerability is rated medium severity with a CVSS 3.1 base score of 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N), indicating network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, no confidentiality or availability impact, and low integrity impact. No patch or vendor advisory is currently provided, and no exploits are known in the wild.

The impact of this vulnerability is limited to potential unauthorized actions performed via CSRF attacks, which may lead to low integrity impact on the affected system. There is no confidentiality or availability impact reported. Since user interaction is required, exploitation depends on tricking an authenticated user into submitting malicious requests. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should exercise caution with user interactions and consider implementing CSRF protections or workarounds if possible. Monitor the vendor's communications for updates on patches or mitigations.