CVE-2025-49345: CWE-352 Cross-Site Request Forgery (CSRF) in mg12 WP-EasyArchives
CVE-2025-49345 is a high-severity Cross-Site Request Forgery (CSRF) vulnerability in the mg12 WP-EasyArchives WordPress plugin, affecting versions up to 3.1.2. This vulnerability allows an attacker to perform unauthorized actions on behalf of an authenticated user, potentially leading to stored Cross-Site Scripting (XSS). Exploitation requires user interaction but no prior authentication, and the vulnerability impacts confidentiality, integrity, and availability with a CVSS score of 7.1. Although no known exploits are currently in the wild, the vulnerability poses significant risks to websites using this plugin. European organizations using WP-EasyArchives should prioritize patching or mitigation to prevent exploitation. Countries with high WordPress usage and significant web presence, such as Germany, the UK, France, and the Netherlands, are most likely to be affected. Mitigation includes applying updates once available, implementing strict Content Security Policies (CSP), and employing anti-CSRF tokens and user interaction validation.
AI Analysis
Technical Summary
CVE-2025-49345 is a Cross-Site Request Forgery (CSRF) vulnerability identified in the mg12 WP-EasyArchives WordPress plugin, affecting all versions up to 3.1.2. The vulnerability allows an attacker to trick authenticated users into executing unwanted actions without their consent by exploiting the lack of proper CSRF protections. This can lead to stored Cross-Site Scripting (XSS), where malicious scripts are permanently injected into the website's content, potentially compromising user sessions, stealing sensitive data, or defacing the site. The CVSS 3.1 base score of 7.1 reflects a high severity due to the network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R). The scope is changed (S:C), indicating that the vulnerability affects resources beyond the initially vulnerable component. The impact on confidentiality, integrity, and availability is rated low for each individually, but is significant in combination. No patches or known exploits are currently available, but the vulnerability is publicly disclosed and should be addressed promptly. The plugin is widely used in WordPress environments to manage archive displays, making it a valuable target for attackers aiming to compromise websites through CSRF and XSS chains.
Potential Impact
For European organizations, exploitation of this vulnerability could lead to unauthorized actions performed on their WordPress sites, including injection of malicious scripts that compromise user data, session tokens, or site integrity. This can result in data breaches, defacement, or service disruption, damaging reputation and causing regulatory compliance issues under GDPR. The vulnerability's ability to affect confidentiality, integrity, and availability means that sensitive customer or internal data could be exposed or altered. Since WordPress is widely used across Europe, especially in small to medium enterprises and public sector websites, the risk is significant. Attackers could leverage this vulnerability to pivot into more extensive network intrusions or conduct phishing campaigns using compromised sites. The lack of authentication requirements lowers the barrier for exploitation, increasing the threat level for organizations relying on this plugin.
Mitigation Recommendations
1. Monitor for official patches or updates from mg12 and apply them immediately once released.
2. In the absence of patches, implement Web Application Firewall (WAF) rules to detect and block CSRF attack patterns targeting WP-EasyArchives.
3. Enforce strict Content Security Policies (CSP) to limit the execution of unauthorized scripts and reduce the impact of stored XSS.
4. Employ anti-CSRF tokens in forms and verify them server-side before acting on the request, to prevent unauthorized requests.
5. Limit user permissions to the minimum necessary, especially for roles that can modify plugin settings or content.
6. Regularly audit and monitor WordPress logs for suspicious activities indicative of CSRF or XSS exploitation attempts.
7. Educate users about phishing and social engineering risks that could facilitate CSRF attacks.
8. Consider temporarily disabling or replacing WP-EasyArchives if immediate patching is not possible and the risk is unacceptable.
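As an added illustration of recommendations 4 and 5 (this is not WP-EasyArchives' own code and does not claim to show the plugin's actual vulnerable path, which the advisory does not describe): a hypothetical WordPress plugin settings handler with the missing checks, beside the hardened version using WordPress's built-in nonce, capability and escaping functions. The function names, the option name and the admin page slug are assumptions.

```php
<?php
// Added example (not WP-EasyArchives code): a hypothetical plugin settings
// handler showing the CSRF-to-stored-XSS pattern the advisory describes,
// beside the hardened form using WordPress nonce and capability checks.
// Assumed names: option 'demo_archives_title', admin page slug 'demo-archives'.

// --- Vulnerable pattern: no nonce, no capability check, no sanitizing. ---
// Any cross-site form an authenticated admin is tricked into submitting
// stores the attacker's value, which is later rendered (stored XSS).
function demo_archives_save_vulnerable() {
    if ( isset( $_POST['demo_archives_title'] ) ) {
        update_option( 'demo_archives_title', $_POST['demo_archives_title'] );
    }
}

// --- Hardened pattern: nonce in the form, verified server-side. ---
function demo_archives_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <?php wp_nonce_field( 'demo_archives_save', 'demo_archives_nonce' ); ?>
        <input type="hidden" name="action" value="demo_archives_save">
        <input type="text" name="demo_archives_title"
               value="<?php echo esc_attr( get_option( 'demo_archives_title', '' ) ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

function demo_archives_save_hardened() {
    // 1. Least privilege: only users who may manage options can save.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    // 2. Anti-CSRF: check_admin_referer() dies with a 403 unless the nonce
    //    is present AND valid for this user, action and time window.
    check_admin_referer( 'demo_archives_save', 'demo_archives_nonce' );
    // 3. Sanitize on input; escape again on output.
    $title = sanitize_text_field( wp_unslash( $_POST['demo_archives_title'] ?? '' ) );
    update_option( 'demo_archives_title', $title );
    wp_safe_redirect( admin_url( 'options-general.php?page=demo-archives&updated=1' ) );
    exit;
}
add_action( 'admin_post_demo_archives_save', 'demo_archives_save_hardened' );

// Output escaping: a stored value can never execute as script when rendered.
function demo_archives_display_title() {
    echo '<h2>' . esc_html( get_option( 'demo_archives_title', '' ) ) . '</h2>';
}
```

The nonce and the capability check are complementary: the nonce proves the request originated from the plugin's own form in that user's session, while current_user_can() proves the user is allowed to make the change at all.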
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: Patchstack
- Date Reserved: 2025-06-04T09:42:34.939Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6954b496db813ff03ec88a7f
Added to database: 12/31/2025, 5:28:54 AM
Last enriched: 1/7/2026, 1:01:25 PM
Last updated: 1/8/2026, 7:21:32 AM