CVE-2025-9623 identifies a Cross-Site Request Forgery (CSRF) vulnerability in the 'Admin in English with Switch' WordPress plugin, which is designed to allow administrators to switch the admin interface language to English. The vulnerability exists in all versions up to and including 1.1 due to missing or incorrect nonce validation on the enable_eng function, which is responsible for enabling the English language interface. Nonce validation is a security mechanism used to ensure that requests are intentional and originate from legitimate users. Without proper nonce checks, attackers can craft malicious web requests that, when executed by an authenticated administrator (e.g., by clicking a malicious link), cause unauthorized changes to the administrator's language settings. Although the vulnerability does not expose sensitive data or disrupt service availability, it compromises the integrity of administrative settings. The attack vector is remote and requires no privileges or authentication, but it does require user interaction. The CVSS v3.1 score of 4.3 reflects the medium severity, emphasizing the ease of exploitation balanced against limited impact. No patches or known exploits are currently reported, but the vulnerability is publicly disclosed and should be addressed promptly to prevent potential misuse.

The primary impact of this vulnerability is on the integrity of administrative configurations within WordPress sites using the affected plugin. An attacker can alter the administrator's language settings without authorization, which could lead to confusion or misconfiguration. While this does not directly compromise sensitive data or site availability, it can be leveraged as part of a broader attack chain, such as social engineering or further exploitation by causing administrators to operate in an unexpected language environment. This could increase the risk of mismanagement or errors in site administration. Since the vulnerability requires user interaction but no authentication, it poses a moderate risk, especially for sites with multiple administrators or where administrators frequently browse untrusted content. Organizations worldwide that rely on this plugin may face operational disruptions or reduced administrative control until the vulnerability is mitigated.

To mitigate this vulnerability, organizations should immediately monitor for updates or patches from the plugin vendor and apply them as soon as they become available. In the absence of a patch, administrators should limit exposure by restricting administrative access to trusted networks and enforcing strict browsing policies to avoid clicking untrusted links. Implementing Web Application Firewalls (WAFs) with custom rules to detect and block suspicious POST requests targeting the enable_eng function can reduce risk. Additionally, administrators should be educated about CSRF risks and trained to recognize phishing attempts or suspicious links. Site owners can also consider temporarily disabling or replacing the plugin with alternative solutions that have proper nonce validation. Regular security audits and monitoring of administrative setting changes can help detect unauthorized modifications early.