CVE-2025-8103: CWE-352 Cross-Site Request Forgery (CSRF) in etruel WPeMatico RSS Feed Fetcher
Description
The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.7. This is due to missing nonce validation in the handle_feedback_submission() function. As a result, an unauthenticated attacker can deactivate the plugin via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-07-23T21:50:35.383Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68844fe2ad5a09ad005a5afa
Added to database: 7/26/2025, 3:47:46 AM
Last updated: 7/26/2025, 3:47:46 AM