CVE-2025-5924: CWE-352 Cross-Site Request Forgery (CSRF) in skywaveinfo WP Firebase Push Notification

Severity: Medium
Tags: Vulnerability, CVE-2025-5924, CWE-352
Published: Fri Jul 04 2025 (07/04/2025, 01:44:05 UTC)
Source: CVE Database V5
Vendor/Project: skywaveinfo
Product: WP Firebase Push Notification

Description

The WP Firebase Push Notification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the wfpn_brodcast_notification_message() function. This makes it possible for unauthenticated attackers to send broadcast notifications via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.

AI-Powered Analysis

Last updated: 07/04/2025, 02:43:25 UTC

Technical Analysis

CVE-2025-5924 is a Cross-Site Request Forgery (CSRF) vulnerability in the WP Firebase Push Notification plugin for WordPress, developed by skywaveinfo. It affects all versions up to and including 1.2.0. The root cause is missing or incorrect nonce validation in the function wfpn_brodcast_notification_message(). WordPress nonces are per-user, per-action tokens that a request handler checks to confirm the request was submitted from a form or link the site itself generated for that user, rather than from a third-party page. Without that check, an attacker can craft a request that, when issued by an authenticated site administrator's browser (for example, after the administrator clicks a link), triggers the sending of broadcast notifications without the administrator's consent. The attacker does not need an account of their own; the attack relies on social engineering to induce the administrator to perform the action. The CVSS v3.1 base score is 4.3 (medium severity): the attack vector is network-based and requires no privileges, but user interaction is required. The impact is limited to integrity, as attackers can send unauthorized notifications, potentially misleading users or causing reputational damage, while confidentiality and availability are not directly affected. No exploits in the wild were known at the time of publication, and no patches had been linked yet. The weakness is classified as CWE-352 (Cross-Site Request Forgery).
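The following is an added illustration of the handler pattern this CVE describes, not the plugin's own code: the plugin's real function body, form fields, hook registration and sender routine are not on this page, so the parameter names, the nonce action string `wfpn_broadcast`, the `wfpn_nonce` field and the `wfpn_send_broadcast()` helper are all assumed. It contrasts a handler that trusts any request with one that verifies a WordPress nonce and a capability before sending.

```php
<?php
// Added example (not the plugin's code). wfpn_brodcast_notification_message()
// is the function named in the advisory; everything else here is assumed.

// Vulnerable pattern: the handler acts on any POST that reaches it. A forged
// cross-site form submitted by a logged-in admin's browser carries the admin's
// session cookies, so the broadcast goes out with admin privileges.
function wfpn_brodcast_notification_message_vulnerable() {
    $title = sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) );
    $body  = sanitize_textarea_field( wp_unslash( $_POST['message'] ?? '' ) );
    wfpn_send_broadcast( $title, $body ); // hypothetical sender routine
}

// Hardened pattern: require a valid nonce for this specific action AND a
// capability check. The nonce proves the request came from a page WordPress
// generated for this user; the capability check is the actual authorization.
// (For admin-ajax handlers, check_ajax_referer() performs the same nonce check.)
function wfpn_brodcast_notification_message_hardened() {
    $nonce = isset( $_POST['wfpn_nonce'] )
        ? sanitize_text_field( wp_unslash( $_POST['wfpn_nonce'] ) )
        : '';
    if ( ! wp_verify_nonce( $nonce, 'wfpn_broadcast' ) ) {
        // wp_verify_nonce() returns false for a missing, expired or foreign token.
        wp_die( esc_html__( 'Invalid request.', 'wfpn' ), '', array( 'response' => 403 ) );
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'wfpn' ), '', array( 'response' => 403 ) );
    }
    $title = sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) );
    $body  = sanitize_textarea_field( wp_unslash( $_POST['message'] ?? '' ) );
    wfpn_send_broadcast( $title, $body );
}

// The admin form must embed a nonce for the same action string, otherwise the
// hardened handler rejects every legitimate submission as well.
function wfpn_render_broadcast_form() {
    echo '<form method="post">';
    wp_nonce_field( 'wfpn_broadcast', 'wfpn_nonce' );
    echo '<input type="text" name="title">';
    echo '<textarea name="message"></textarea>';
    submit_button( __( 'Send broadcast', 'wfpn' ) );
    echo '</form>';
}
```

A nonce on its own is not authorization: a fix that adds only wp_verify_nonce() without the capability check still lets any logged-in user who can reach the form trigger a broadcast.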

Potential Impact

For European organizations using WordPress sites with the WP Firebase Push Notification plugin, this vulnerability could allow attackers to send unauthorized broadcast notifications. These notifications could be used to spread misinformation, phishing links, or malicious content to site visitors or subscribers, potentially damaging the organization's reputation and trustworthiness. Although the vulnerability does not directly compromise sensitive data or system availability, the integrity of communications is at risk. This could be particularly impactful for organizations in sectors such as media, e-commerce, government, and public services, where notification integrity is critical. Additionally, regulatory frameworks like GDPR emphasize the protection of user trust and data integrity, so misuse of notifications could lead to compliance scrutiny if it results in user harm or data misuse. The requirement for user interaction (administrator clicking a link) means that targeted social engineering campaigns could be employed against site administrators, increasing the risk for organizations with less security-aware staff.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should immediately audit their WordPress installations to identify the presence and version of the WP Firebase Push Notification plugin. If the plugin is in use and at or below version 1.2.0, organizations should consider disabling the plugin until a secure update is available. Administrators should be trained to recognize and avoid suspicious links or requests, especially those that could trigger administrative actions. Implementing multi-factor authentication (MFA) for WordPress admin accounts can reduce the risk of unauthorized access following social engineering. Additionally, organizations can deploy Web Application Firewalls (WAFs) with custom rules to detect and block suspicious POST requests targeting the vulnerable function. Monitoring administrative actions and notification logs for unusual activity can help detect exploitation attempts. Finally, organizations should follow skywaveinfo's updates closely and apply patches as soon as they are released.

Technical Details

Data Version
5.1
Assigner Short Name
Wordfence
Date Reserved
2025-06-09T14:22:14.918Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68673b5e6f40f0eb729e5f90

Added to database: 7/4/2025, 2:24:30 AM

Last enriched: 7/4/2025, 2:43:25 AM

Last updated: 7/7/2025, 3:10:03 PM
