CVE-2025-62103: Cross-Site Request Forgery (CSRF) in wpmediadownload Media Library File Download
Cross-Site Request Forgery (CSRF) vulnerability in wpmediadownload Media Library File Download media-download allows Cross Site Request Forgery. This issue affects Media Library File Download: from n/a through <= 1.4.
AI Analysis
Technical Summary
CVE-2025-62103 is a Cross-Site Request Forgery (CSRF) vulnerability identified in the wpmediadownload Media Library File Download WordPress plugin, affecting versions up to and including 1.4. CSRF vulnerabilities allow attackers to induce authenticated users to execute unwanted actions on a web application in which they are currently authenticated. In this case, the vulnerability enables an attacker to cause a user to initiate unauthorized file downloads from the media library without their explicit consent. The vulnerability does not require the attacker to have any privileges or authentication, but it does require the victim to interact with a crafted malicious link or webpage (user interaction). The CVSS v3.1 base score is 4.3 (medium), reflecting a network attack vector with low complexity, no privileges required, but requiring user interaction. The impact is limited to confidentiality as unauthorized file downloads could expose sensitive data; however, integrity and availability are not affected. No known exploits have been reported in the wild, and no patches or fixes are currently linked, indicating the need for vigilance and proactive mitigation. The vulnerability arises from the plugin’s failure to implement proper anti-CSRF protections such as nonce verification or token validation on the file download action, making it susceptible to CSRF attacks. Given the widespread use of WordPress and its plugins across various sectors, this vulnerability could be leveraged to exfiltrate sensitive files from compromised sites.
Potential Impact
For European organizations, this vulnerability poses a risk of unauthorized disclosure of sensitive or confidential files stored within WordPress media libraries using the affected plugin. This could lead to data breaches, loss of intellectual property, or exposure of personal data protected under GDPR, potentially resulting in regulatory penalties and reputational damage. The impact is primarily on confidentiality, as attackers can trick users into downloading files without their knowledge. Although the vulnerability does not affect system integrity or availability, the unauthorized data exposure could facilitate further attacks or social engineering campaigns. Organizations in sectors such as government, finance, healthcare, and media, which often rely on WordPress for content management and may store sensitive files in media libraries, are particularly at risk. The lack of known exploits in the wild currently reduces immediate risk, but the ease of exploitation and the common use of the plugin warrant prompt attention.
Mitigation Recommendations
1. Monitor for and apply security patches or updates from the wpmediadownload plugin developers as soon as they become available.
2. If patches are not yet available, consider temporarily disabling the Media Library File Download plugin or restricting its use to trusted administrators only.
3. Implement web application firewall (WAF) rules to detect and block suspicious CSRF attack patterns targeting the plugin's download functionality.
4. Enforce strict Content Security Policy (CSP) and SameSite cookie attributes to reduce the risk of CSRF exploitation.
5. Educate users about the risks of clicking on untrusted links and encourage cautious browsing behavior.
6. Review and harden WordPress site security configurations, including limiting plugin installations to those from trusted sources and regularly auditing plugin usage.
7. Employ security plugins that add CSRF protection or nonce verification if custom development is feasible.
8. Conduct regular security assessments and penetration testing focusing on WordPress plugins and their interactions.
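The technical summary attributes the flaw to a download action that performs no nonce or token validation, and recommendation 7 above asks for nonce verification. The following is an added illustration, not the plugin's own code and not taken from this advisory, of how a WordPress download endpoint is normally protected: the link carries a nonce bound to the attachment ID, and the handler refuses any request whose nonce does not verify before checking the user's capability and streaming the file. The action name `example_media_download`, the query-argument names and the hook names are assumptions chosen for this example; the WordPress API calls (`wp_nonce_url`, `wp_verify_nonce`, `current_user_can`, `get_attached_file`) are real core functions.

```php
<?php
/*
 * Added example (hypothetical plugin code, not the wpmediadownload plugin):
 * a media-library download endpoint with CSRF protection via a WordPress
 * nonce plus a separate authorization check. Action and argument names
 * are assumptions for this illustration.
 */

// Build a download link whose nonce is tied to this attachment ID.
// wp_nonce_url() appends a _wpnonce parameter derived from the current
// user's session, so a page on another origin cannot produce a valid one.
function example_media_download_url( $attachment_id ) {
    $attachment_id = (int) $attachment_id;
    $url = add_query_arg(
        array(
            'action'        => 'example_media_download',
            'attachment_id' => $attachment_id,
        ),
        admin_url( 'admin-post.php' )
    );
    return wp_nonce_url( $url, 'example_media_download_' . $attachment_id );
}

// Handler reached through admin_post_{action} for logged-in users only.
function example_media_download_handler() {
    $attachment_id = isset( $_GET['attachment_id'] ) ? (int) $_GET['attachment_id'] : 0;
    $nonce         = isset( $_GET['_wpnonce'] )
        ? sanitize_text_field( wp_unslash( $_GET['_wpnonce'] ) )
        : '';

    // CSRF check. The nonce action includes the attachment ID, so a nonce
    // issued for one file cannot be replayed against another. A handler
    // that skipped this step would act on any request the browser sends
    // with the victim's cookies, which is the class of flaw described above.
    if ( '' === $nonce || ! wp_verify_nonce( $nonce, 'example_media_download_' . $attachment_id ) ) {
        wp_die( 'Invalid or expired request.', '', array( 'response' => 403 ) );
    }

    // Authorization is a separate concern from CSRF: the user must also be
    // permitted to read this particular attachment.
    if ( ! current_user_can( 'read_post', $attachment_id ) ) {
        wp_die( 'You are not allowed to download this file.', '', array( 'response' => 403 ) );
    }

    $file = get_attached_file( $attachment_id );
    if ( ! $file || ! is_readable( $file ) ) {
        wp_die( 'File not found.', '', array( 'response' => 404 ) );
    }

    nocache_headers();
    header( 'Content-Type: application/octet-stream' );
    header( 'Content-Disposition: attachment; filename="' . basename( $file ) . '"' );
    header( 'Content-Length: ' . filesize( $file ) );
    readfile( $file );
    exit;
}
add_action( 'admin_post_example_media_download', 'example_media_download_handler' );

// Deliberately no admin_post_nopriv_ registration: unauthenticated requests
// never reach the handler, so there is no anonymous download path to forge.
```

When reviewing a download endpoint for this weakness, the two questions to ask are whether every state-changing or data-returning request path verifies a nonce (or an equivalent origin-bound token) before doing anything, and whether the nonce action is specific enough that a token for one resource cannot be reused for another. SameSite cookies, as in recommendation 4, reduce exposure by keeping the session cookie off cross-site navigations, but they are a browser-side defense and do not replace the server-side check.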
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: Patchstack
- Date Reserved: 2025-10-07T15:35:03.410Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 69383abf29cea75c35b76ea1
Added to database: 12/9/2025, 3:05:35 PM
Last enriched: 1/20/2026, 10:24:40 PM
Last updated: 2/7/2026, 6:40:23 AM