Skip to main content

CVE-2025-47546: CWE-352 Cross-Site Request Forgery (CSRF) in AresIT WP Compress

High
VulnerabilityCVE-2025-47546cvecve-2025-47546cwe-352
Published: Wed May 07 2025 (05/07/2025, 14:20:17 UTC)
Source: CVE
Vendor/Project: AresIT
Product: WP Compress

Description

Cross-Site Request Forgery (CSRF) vulnerability in AresIT WP Compress allows Cross Site Request Forgery. This issue affects WP Compress: from n/a through 6.30.30.

AI-Powered Analysis

AILast updated: 07/05/2025, 11:26:06 UTC

Technical Analysis

CVE-2025-47546 is a Cross-Site Request Forgery (CSRF) vulnerability identified in the AresIT WP Compress plugin for WordPress. WP Compress is a tool designed to optimize and compress images on WordPress websites to improve performance and reduce load times. The vulnerability affects versions up to 6.30.30. CSRF vulnerabilities occur when an attacker tricks an authenticated user into submitting a request that performs an unwanted action on a web application in which the user is currently authenticated. In this case, the vulnerability allows an attacker to craft malicious requests that, when executed by an authenticated administrator or user with sufficient privileges, can manipulate the WP Compress plugin's settings or operations without the user’s consent. The CVSS 3.1 base score of 7.1 (high severity) reflects that the attack vector is network-based (AV:N), requires no privileges (PR:N), but does require user interaction (UI:R). The scope is changed (S:C), indicating that the vulnerability affects resources beyond the security scope of the vulnerable component. The impact metrics indicate low confidentiality, integrity, and availability impacts individually, but combined they can lead to significant disruption or unauthorized changes. Although no known exploits are currently reported in the wild, the vulnerability’s nature and high CVSS score suggest that exploitation could lead to unauthorized modification of image compression settings, potentially degrading website performance, injecting malicious content, or disrupting normal operations. The absence of a patch link indicates that a fix may not yet be publicly available, increasing the urgency for mitigation measures.

Potential Impact

For European organizations, especially those relying on WordPress websites for business operations, marketing, or e-commerce, this vulnerability poses a significant risk. Exploitation could allow attackers to alter image compression settings, potentially causing website slowdowns, increased bandwidth usage, or degraded user experience, which can harm brand reputation and customer trust. More critically, if attackers manipulate plugin settings or inject malicious payloads via the compromised plugin, it could lead to broader website compromise, data leakage, or serve as a foothold for further attacks. Organizations in sectors such as retail, media, and government, which often use WordPress extensively, may face operational disruptions and compliance risks, particularly under GDPR regulations if personal data is exposed or website integrity is compromised. The requirement for user interaction and no privilege requirement means phishing or social engineering campaigns could be effective vectors, increasing the threat surface. The changed scope impact suggests that the vulnerability could affect other components or systems connected to the WordPress environment, amplifying potential damage.

Mitigation Recommendations

Given the lack of an official patch at this time, European organizations should implement immediate compensating controls. First, restrict administrative access to the WP Compress plugin to trusted users only and enforce strong authentication mechanisms, including multi-factor authentication (MFA), to reduce the risk of unauthorized actions. Implement Content Security Policy (CSP) headers and SameSite cookie attributes to mitigate CSRF attack vectors by limiting cross-origin requests. Regularly audit and monitor WordPress logs for unusual activities related to the plugin, such as unexpected configuration changes or requests originating from suspicious sources. Educate users, especially administrators, about phishing and social engineering risks to reduce the likelihood of user interaction leading to exploitation. Consider temporarily disabling or uninstalling the WP Compress plugin if the risk outweighs its benefits until a patch is released. Additionally, employ web application firewalls (WAFs) with rules specifically designed to detect and block CSRF attempts targeting WordPress plugins. Finally, maintain an up-to-date inventory of WordPress plugins and monitor vendor communications for forthcoming patches or updates addressing this vulnerability.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
Patchstack
Date Reserved
2025-05-07T09:39:53.907Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682d981ac4522896dcbd9203

Added to database: 5/21/2025, 9:08:42 AM

Last enriched: 7/5/2025, 11:26:06 AM

Last updated: 8/17/2025, 4:25:49 PM

Views: 11

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats