CVE-2025-8104: CWE-352 Cross-Site Request Forgery (CSRF) in sminozzi Memory Usage, Memory Limit, PHP and Server Memory Health Check and Provide Suggestions
The Memory Usage plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.98. This is due to missing nonce validation in the wpmemory_install_plugin() function. This makes it possible for unauthenticated attackers to silently install one of several whitelisted plugins via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
AI Analysis
Technical Summary
CVE-2025-8104 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the WordPress plugin 'Memory Usage, Memory Limit, PHP and Server Memory Health Check and Provide Suggestions' developed by sminozzi, in all versions up to and including 3.98. The vulnerability arises from missing nonce validation in the wpmemory_install_plugin() function, which is responsible for installing plugins. Because the function does not verify an anti-CSRF nonce, an unauthenticated attacker can craft a request that, when an authenticated site administrator is tricked into triggering it (e.g., by clicking a link), silently installs one of several whitelisted plugins without the administrator's explicit consent. The attack rides on the administrator's authenticated session; the absence of a nonce check is what lets the forged request pass the intended security controls. The CVSS v3.1 base score is 4.3 (medium severity), reflecting that the attack requires user interaction (UI:R) and no privileges (PR:N), is reachable over the network (AV:N), and is limited to a low integrity impact (I:L) with no impact on confidentiality or availability. No known exploits are currently reported in the wild, and no patches or updates have been linked yet. The vulnerability is classified under CWE-352, which covers CSRF issues where state-changing requests lack anti-CSRF tokens or equivalent protections. It could allow attackers to alter the plugin environment by installing additional plugins, potentially leading to further compromise depending on the installed plugins' capabilities.
Potential Impact
For European organizations using WordPress sites with the affected Memory Usage plugin, this vulnerability poses a moderate risk. Successful exploitation could allow attackers to install additional plugins silently, potentially escalating privileges or introducing malicious code, backdoors, or other attack vectors. This could lead to integrity violations of the website content or functionality, unauthorized modifications, or preparation for more severe attacks such as data exfiltration or site defacement. Although confidentiality and availability impacts are not directly indicated, the integrity compromise could indirectly affect these areas if further exploitation occurs. Organizations with high-value WordPress sites, especially those handling sensitive customer data or critical business functions, could face reputational damage and operational disruptions. The requirement for user interaction (administrator clicking a malicious link) reduces the likelihood but does not eliminate risk, especially in environments where phishing or social engineering attacks are common. Given the widespread use of WordPress across Europe, the vulnerability could affect a broad range of sectors including e-commerce, government, education, and media.
Mitigation Recommendations
To mitigate this vulnerability, organizations should immediately verify if the Memory Usage plugin is installed and identify the version in use. Until an official patch is released, administrators should consider disabling or uninstalling the plugin to eliminate the attack surface. If the plugin is essential, restrict administrative access to trusted networks and users, and implement strict web filtering and email security controls to reduce the risk of phishing or malicious link delivery. Educate administrators about the risks of clicking untrusted links while logged into WordPress admin panels. Monitor WordPress logs for unusual plugin installation activities. Once a patch or update is available from the vendor, apply it promptly. Additionally, consider implementing Web Application Firewalls (WAFs) with custom rules to detect and block suspicious requests targeting the wpmemory_install_plugin() function. Employing multi-factor authentication (MFA) for admin accounts can also reduce the risk of session hijacking that could facilitate exploitation.
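The defect described above is a state-changing admin action with no nonce check. The following is an added illustration of that pattern and of the WordPress-idiomatic fix (capability check plus check_admin_referer()); it is not the plugin's own code, and all function, action and plugin-slug names are hypothetical.

```php
<?php
// Added illustration (not the plugin's own code): the CSRF pattern behind
// CVE-2025-8104 and its fix. Function and action names are hypothetical.

// Allow-list of installable plugin slugs (constructed sample values).
const EXAMPLE_ALLOWED_PLUGINS = array( 'plugin-a', 'plugin-b' );

// Vulnerable shape: the handler trusts the request parameters alone. Any page
// the logged-in admin visits can submit this request on the admin's behalf.
function example_install_plugin_vulnerable() {
    $slug = isset( $_POST['plugin'] ) ? sanitize_key( $_POST['plugin'] ) : '';
    if ( in_array( $slug, EXAMPLE_ALLOWED_PLUGINS, true ) ) {
        example_do_install( $slug ); // state change with no proof of origin
    }
}

// Hardened shape: require both a capability and a nonce bound to this action.
// A cross-site page cannot read the nonce, so a forged request dies here.
function example_install_plugin_hardened() {
    if ( ! current_user_can( 'install_plugins' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }
    // Verifies $_REQUEST['_wpnonce'] against action 'example_install_plugin'
    // and calls wp_die() on failure.
    check_admin_referer( 'example_install_plugin' );

    $slug = isset( $_POST['plugin'] ) ? sanitize_key( $_POST['plugin'] ) : '';
    if ( ! in_array( $slug, EXAMPLE_ALLOWED_PLUGINS, true ) ) {
        wp_die( 'Plugin not in allow-list.', 400 );
    }
    example_do_install( $slug );
}

// The legitimate admin form embeds the matching nonce so the hardened handler
// accepts it; admin-post.php dispatches on the hidden "action" field.
function example_render_install_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="example_install_plugin">';
    wp_nonce_field( 'example_install_plugin' ); // emits _wpnonce and referer fields
    echo '<input type="hidden" name="plugin" value="plugin-a">';
    submit_button( 'Install' );
    echo '</form>';
}
add_action( 'admin_post_example_install_plugin', 'example_install_plugin_hardened' );

function example_do_install( $slug ) {
    // Placeholder for the real install logic (e.g. Plugin_Upgrader).
}
```

A WAF rule of the kind recommended above can be keyed on the same property: a POST to the install action that carries no _wpnonce field, or one that fails verification, is the anomaly to alert on.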
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden, Belgium, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-07-23T22:34:10.659Z
- CVSS Version: 3.1
- State: PUBLISHED
Added to database: 7/27/2025, 4:47:40 AM
Last enriched: 7/27/2025, 5:02:55 AM
Last updated: 7/30/2025, 12:34:40 AM