
CVE-2025-49345: CWE-352 Cross-Site Request Forgery (CSRF) in mg12 WP-EasyArchives

Severity: High
Published: Wed Dec 31 2025 (12/31/2025, 05:23:28 UTC)
Source: CVE Database V5
Vendor/Project: mg12
Product: WP-EasyArchives

Description

Cross-Site Request Forgery (CSRF) vulnerability in mg12 WP-EasyArchives allows Stored XSS. This issue affects WP-EasyArchives: from n/a through 3.1.2.

AI-Powered Analysis

Last updated: 01/20/2026, 19:58:47 UTC

Technical Analysis

CVE-2025-49345 is a Cross-Site Request Forgery (CSRF) vulnerability identified in the mg12 WP-EasyArchives WordPress plugin, affecting all versions up to and including 3.1.2. The vulnerability allows an attacker to trick an authenticated user into submitting a request the user did not intend, so that the plugin performs an action on that user's behalf. Because the affected action stores attacker-controlled content, the CSRF flaw can be leveraged to inject a stored Cross-Site Scripting (XSS) payload that persists on the site and executes in the browsers of other users who view it. The CVSS 3.1 base score of 7.1 reflects a high severity: network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but user interaction required (UI:R). The scope is changed (S:C), indicating that the vulnerability affects resources beyond the vulnerable component. Confidentiality, integrity, and availability are each affected at a low level. No patch or public exploit code is currently known, but the vulnerability is publicly disclosed and assigned a CVE. The plugin is used in WordPress environments to manage archive displays, making it a plausible target for attackers aiming to compromise websites through persistent XSS or unauthorized actions. The absence of an authentication requirement and the low attack complexity make this vulnerability attractive for exploitation once weaponized.

Potential Impact

For European organizations, this vulnerability poses significant risks, including unauthorized changes to website content, defacement, data leakage through stored XSS, and potential compromise of user sessions. Attackers could exploit the CSRF to inject malicious scripts that steal cookies or credentials, or that perform actions on behalf of users, leading to reputational damage and regulatory compliance issues under GDPR. Organizations relying on WP-EasyArchives for content management may face service disruptions or data integrity issues. The impact on confidentiality, integrity, and availability can affect customer trust and operational continuity. Since WordPress powers a large portion of European websites, especially those of small to medium enterprises and public sector bodies, the threat surface is considerable. The absence of known exploits currently provides a window for proactive mitigation, but the potential for rapid exploitation once exploit code is developed is high.

Mitigation Recommendations

Immediate mitigation steps include disabling or uninstalling the WP-EasyArchives plugin until a security patch is released by the vendor. Organizations should audit their WordPress installations to identify the presence of this plugin and remove or replace it with a secure alternative. A strict Content Security Policy (CSP) can limit the impact of stored XSS by restricting the sources from which scripts may execute. Web Application Firewalls (WAFs) should be configured to detect and block CSRF attack patterns and suspicious POST requests targeting the plugin's endpoints; note that a WAF cannot distinguish a forged cross-site request from a legitimate one by content alone, so it is a compensating control rather than a fix. Enforcing multi-factor authentication (MFA) for administrative accounts reduces the risk of account takeover following session or credential theft. Regular security scanning and monitoring for unusual activity on WordPress sites are recommended. Finally, organizations should subscribe to vendor and security mailing lists to receive timely updates and patches.
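The root-cause fix for a CSRF-to-stored-XSS chain in a WordPress plugin is the standard nonce, capability, sanitize and escape pattern. The following is an added illustration, not WP-EasyArchives' own code and not a description of its affected endpoint; the option name, form fields and action hook name are assumptions.

```php
<?php
/*
 * Hypothetical settings handler for an archives plugin (not WP-EasyArchives'
 * own code). Shows the WordPress pattern that prevents a CSRF request from
 * becoming a stored-XSS payload: nonce check, capability check, input
 * sanitization on save, and escaping on output. Option name and form fields
 * are assumptions.
 */

// Render the form: wp_nonce_field() embeds a per-user, time-limited token.
function archives_demo_render_form() {
    $title = get_option( 'archives_demo_title', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="archives_demo_save">
        <?php wp_nonce_field( 'archives_demo_save', 'archives_demo_nonce' ); ?>
        <label>Archive title
            <input type="text" name="archives_demo_title"
                   value="<?php echo esc_attr( $title ); ?>">
        </label>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// Handle the POST: admin_post_{action} fires only for logged-in users.
function archives_demo_save() {
    // 1. Reject any request whose nonce is missing or wrong (CSRF defence).
    check_admin_referer( 'archives_demo_save', 'archives_demo_nonce' );
    // 2. Authenticated is not enough; require the relevant capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'archives-demo' ), 403 );
    }

    // 3. Sanitize before persisting so markup never reaches the database.
    $title = isset( $_POST['archives_demo_title'] )
        ? sanitize_text_field( wp_unslash( $_POST['archives_demo_title'] ) )
        : '';
    update_option( 'archives_demo_title', $title );

    wp_safe_redirect( admin_url( 'options-general.php?page=archives-demo&saved=1' ) );
    exit;
}
add_action( 'admin_post_archives_demo_save', 'archives_demo_save' );

// 4. Escape on output as well; stored data is untrusted at render time.
function archives_demo_heading() {
    return '<h2>' . esc_html( get_option( 'archives_demo_title', '' ) ) . '</h2>';
}
```

A forged cross-site POST carries the victim's session cookie but cannot carry a valid nonce, so check_admin_referer() terminates the request before any write; the sanitization and escaping steps ensure that even a request that does get through cannot persist executable markup.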


Technical Details

Data Version: 5.2
Assigner Short Name: Patchstack
Date Reserved: 2025-06-04T09:42:34.939Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6954b496db813ff03ec88a7f

Added to database: 12/31/2025, 5:28:54 AM

Last enriched: 1/20/2026, 7:58:47 PM

Last updated: 2/6/2026, 5:14:44 AM
