CVE-2025-8104 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the WordPress plugin 'Memory Usage, Memory Limit, PHP and Server Memory Health Check and Provide Suggestions' developed by sminozzi. The vulnerability exists in all versions up to and including 3.98 due to the absence of nonce validation in the wpmemory_install_plugin() function. Nonce validation is a security mechanism used to ensure that requests made to a web application are intentional and originate from legitimate users. Without this protection, an attacker can craft a malicious request that, when executed by an authenticated site administrator (e.g., by clicking a link), can trigger the silent installation of one of several whitelisted plugins. This attack vector requires user interaction from an administrator but does not require the attacker to be authenticated. The vulnerability impacts the integrity of the affected WordPress site by allowing unauthorized plugin installations, which could lead to further compromise if malicious plugins are installed. The CVSS v3.1 base score is 4.3, indicating a medium severity level. The attack vector is network-based, with low attack complexity, no privileges required, but user interaction is necessary. There is no impact on confidentiality or availability directly, but integrity is affected due to unauthorized changes to the site’s plugin set. No known exploits are currently reported in the wild, and no patches or fixes have been linked yet. The vulnerability is classified under CWE-352, which corresponds to CSRF attacks.

For European organizations using WordPress sites with the vulnerable Memory Usage plugin, this vulnerability poses a risk primarily to site integrity. An attacker could trick a site administrator into performing an action that installs additional plugins without their consent. This could lead to the installation of plugins that may contain malicious code, backdoors, or other vulnerabilities, potentially escalating the compromise to data theft, site defacement, or further exploitation. Organizations relying on WordPress for critical web services or customer-facing portals could suffer reputational damage, loss of trust, and potential regulatory scrutiny under GDPR if personal data is compromised as a result of secondary attacks. The requirement for administrator interaction reduces the likelihood of automated widespread exploitation but does not eliminate risk, especially in environments where administrators may be targeted via phishing or social engineering campaigns. The medium severity score reflects that while the direct impact is limited, the vulnerability can serve as a stepping stone for more severe attacks.

1. Immediate mitigation should involve updating the Memory Usage plugin to a patched version once available from the vendor or disabling the plugin until a fix is released. 2. Implement strict administrative operational security practices, including training administrators to recognize and avoid phishing or suspicious links that could trigger CSRF attacks. 3. Employ Web Application Firewalls (WAFs) with rules to detect and block CSRF attack patterns targeting the plugin’s installation endpoints. 4. Use security plugins or custom code to enforce nonce validation or other anti-CSRF tokens on sensitive plugin functions if patching is delayed. 5. Limit the number of users with administrator privileges to reduce the attack surface. 6. Monitor WordPress logs and plugin installation events for unusual activity indicative of unauthorized plugin installations. 7. Regularly audit installed plugins and remove any that are unnecessary or untrusted. 8. Consider implementing Content Security Policy (CSP) headers and SameSite cookie attributes to reduce CSRF risks overall.