
CVE-2025-9623: CWE-352 Cross-Site Request Forgery (CSRF) in dontcare Admin in English with Switch

Severity: Medium
Tags: vulnerability, CVE-2025-9623, CWE-352
Published: Thu Sep 11 2025 (09/11/2025, 07:24:57 UTC)
Source: CVE Database V5
Vendor/Project: dontcare
Product: Admin in English with Switch

Description

The Admin in English with Switch plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the enable_eng function. This makes it possible for unauthenticated attackers to modify administrator language settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

AI-Powered Analysis

Last updated: 09/11/2025, 07:33:22 UTC

Technical Analysis

CVE-2025-9623 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the WordPress plugin 'Admin in English with Switch' developed by dontcare. This vulnerability exists in all versions up to and including version 1.1 due to missing or incorrect nonce validation in the 'enable_eng' function. Nonces in WordPress are security tokens used to verify that a request comes from a legitimate source. The absence or improper implementation of nonce validation allows an attacker to craft a malicious request that, when executed by an authenticated administrator (e.g., by clicking a link), can change the administrator's language settings without their consent. Although the vulnerability does not directly compromise confidentiality or availability, it impacts the integrity of the administrator's settings. The CVSS 3.1 base score is 4.3 (medium severity), reflecting that the attack vector is network-based, requires no privileges, but does require user interaction (the administrator must be tricked into clicking a malicious link). There are no known exploits in the wild at this time, and no patches have been published yet. The vulnerability is classified under CWE-352, which is a common web security weakness related to CSRF attacks. Given that this vulnerability affects a WordPress plugin, it is relevant to any WordPress site using this plugin, regardless of the hosting environment. The attack scope is limited to modifying language settings, which may seem minor but could be leveraged as part of a broader attack chain or cause administrative confusion and misconfiguration.

Potential Impact

For European organizations, the impact of CVE-2025-9623 primarily concerns the integrity of administrative settings on WordPress sites using the vulnerable plugin. While the direct impact is limited to changing language preferences, this could lead to administrative errors, miscommunication, or reduced usability for site administrators. In some cases, altering language settings might be used as a stepping stone for social engineering or to mask further malicious activities by confusing administrators. Organizations relying heavily on WordPress for their web presence, especially those with multilingual content or administrative teams using this plugin, could face operational disruptions. Although the vulnerability does not directly expose sensitive data or cause service outages, the potential for misuse in targeted attacks or combined with other vulnerabilities should not be underestimated. Additionally, given the widespread use of WordPress in Europe, even a medium-severity vulnerability can have significant cumulative effects if exploited at scale.

Mitigation Recommendations

Since no official patch is currently available, European organizations should take immediate steps to mitigate this vulnerability. First, disable or uninstall the 'Admin in English with Switch' plugin until a secure version is released. If the plugin is essential, restrict administrative access to trusted networks or VPNs to reduce exposure. Implement strict Content Security Policy (CSP) headers to limit an attacker's ability to inject scripts into the site itself that could issue the forged request on an administrator's behalf. Educate administrators about the risks of clicking unsolicited links, especially while logged into administrative accounts. Monitor web server logs for suspicious requests targeting the 'enable_eng' function and for unexpected changes in language settings. Once a patch is released, prioritize updating the plugin promptly. Additionally, consider deploying Web Application Firewalls (WAFs) with rules to detect and block CSRF attempts targeting this plugin's endpoints. Finally, review and harden nonce implementations across all custom plugins and themes to prevent similar vulnerabilities.
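As an added illustration of the nonce-validation gap described in the Technical Analysis and of the "harden nonce implementations" advice above (this is example code, not the plugin's actual source, which is not reproduced on this page), a minimal WordPress admin-post handler is shown in its CSRF-prone form beside a nonce-checked form. The `aies_` prefix, the hook/action and nonce names, and the use of the per-user `locale` meta are assumptions for the example.

```php
<?php
// Illustrative example only (not the plugin's code): a WordPress admin-post
// handler that switches the current user's admin language to English.
// Hypothetical names: the 'aies_' prefix, the action/nonce name 'aies_enable_eng'.

// --- CSRF-prone pattern (what CWE-352 / missing nonce validation looks like).
// The state change happens as soon as the hook fires. A request forged by another
// site is sent with the logged-in administrator's cookies, so it succeeds: nothing
// here proves the administrator intended this action.
function aies_enable_eng_vulnerable() {
    update_user_meta( get_current_user_id(), 'locale', 'en_US' );
    wp_safe_redirect( admin_url() );
    exit;
}
add_action( 'admin_post_enable_eng', 'aies_enable_eng_vulnerable' ); // hook name assumed

// --- Hardened pattern.
// 1) The link that triggers the action carries a nonce. wp_nonce_url() appends
//    _wpnonce=..., derived from the action name, the user ID and the session token,
//    and rotated every 12 hours (a nonce stays valid for at most 24 hours).
function aies_enable_eng_link() {
    $url = add_query_arg( 'action', 'aies_enable_eng', admin_url( 'admin-post.php' ) );
    return wp_nonce_url( $url, 'aies_enable_eng' );
}

// 2) The handler verifies the nonce before touching any state.
function aies_enable_eng_hardened() {
    // check_admin_referer() compares $_REQUEST['_wpnonce'] against the action name
    // for the current user and calls wp_die() on a missing, stale or foreign nonce,
    // so a cross-site forged request (which cannot know the nonce) stops here.
    check_admin_referer( 'aies_enable_eng' );

    // A nonce proves intent, not authorization: still check the capability.
    if ( ! current_user_can( 'read' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'aies' ), '', array( 'response' => 403 ) );
    }

    update_user_meta( get_current_user_id(), 'locale', 'en_US' );
    wp_safe_redirect( admin_url() );
    exit;
}
add_action( 'admin_post_aies_enable_eng', 'aies_enable_eng_hardened' );
```

For detection, failed nonce checks surface as `wp_die()` responses ("The link you followed has expired") on `admin-post.php`; a burst of those against this action is the log signal the monitoring recommendation above refers to.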


Technical Details

Data Version: 5.1
Assigner Short Name: Wordfence
Date Reserved: 2025-08-28T19:07:55.509Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68c27a22e1c560fa9d94d4aa

Added to database: 9/11/2025, 7:28:34 AM

Last enriched: 9/11/2025, 7:33:22 AM

Last updated: 9/11/2025, 7:07:37 PM

