CVE-2025-9627: CWE-352 Cross-Site Request Forgery (CSRF) in izem Run Log
The Run Log plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.10. This is due to missing or incorrect nonce validation on the oirl_plugin_options function. This makes it possible for unauthenticated attackers to modify plugin settings, including distance units, pace display preferences, style themes, and display positions, via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
AI Analysis
Technical Summary
CVE-2025-9627 is a medium-severity Cross-Site Request Forgery (CSRF) vulnerability in the izem Run Log plugin for WordPress, affecting all versions up to and including 1.7.10. The root cause is missing or incorrect nonce validation in the oirl_plugin_options function, which handles the plugin's settings form. WordPress nonces are short-lived tokens bound to the logged-in user and a named action (created with wp_create_nonce or wp_nonce_field and checked with wp_verify_nonce or check_admin_referer); a third-party site cannot learn a victim's nonce, so a request that lacks a valid one can be rejected as not originating from the plugin's own form. Without that check, the settings handler accepts any request that arrives with the administrator's session cookies, which is exactly what the browser sends when an attacker-controlled page submits a request to the victim's site. Whether a bare link is enough depends on whether the handler also accepts GET; a POST-only handler needs an auto-submitting form on the attacker's page, which browsers that default cookies to SameSite=Lax will not send WordPress's authentication cookies with, so exposure is greatest on browsers that do not apply that default. The settings an attacker can change are display preferences: distance units, pace display, style theme, and display positions. The attacker needs no account on the target site, but the victim must be logged in with permission to change the settings and must visit the malicious content. Only the integrity of these cosmetic options is affected; confidentiality and availability are not. The CVSS 3.1 base score is 4.3, which corresponds to the vector AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N (network vector, low complexity, no privileges, user interaction required, unchanged scope, low integrity impact only). No public exploit has been reported and the source material links no fixed release; the entry was published on September 11, 2025, with Wordfence as the assigning CNA. Sites running the plugin should confirm the installed version and update once a fixed release is available, or deactivate the plugin in the meantime if the affected settings matter to them.
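The two patterns described above, as an added illustration that is not the Run Log plugin's own code: a settings handler that saves POSTed values with no nonce check (the class of bug the advisory describes), followed by the same handler with a capability check, a nonce field in the form, and check_admin_referer() on the save path. Only the function name oirl_plugin_options comes from the advisory; the option names, field names, nonce action name and the hypothetical accepted values (km/mi) are assumptions made for the example.

```php
<?php
/**
 * Added illustration (not the Run Log plugin's own code) of the CSRF-prone
 * pattern the advisory describes and its nonce-checked form. Everything
 * except the name oirl_plugin_options is hypothetical.
 */

// --- Vulnerable pattern: saves POSTed settings without a nonce check. -------
// Any request carrying the administrator's session cookies is accepted,
// including one auto-submitted by a form on an attacker's page.
function oirl_plugin_options_vulnerable() {
    if ( isset( $_POST['oirl_distance_unit'] ) ) {            // hypothetical field name
        update_option( 'oirl_distance_unit', sanitize_text_field( wp_unslash( $_POST['oirl_distance_unit'] ) ) );
        update_option( 'oirl_style_theme', sanitize_text_field( wp_unslash( $_POST['oirl_style_theme'] ?? '' ) ) );
    }
    ?>
    <form method="post">
        <input name="oirl_distance_unit" value="<?php echo esc_attr( get_option( 'oirl_distance_unit', 'km' ) ); ?>">
        <input name="oirl_style_theme" value="<?php echo esc_attr( get_option( 'oirl_style_theme', 'default' ) ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// --- Hardened pattern: capability check + nonce field + nonce verification. --
const OIRL_NONCE_ACTION = 'oirl_save_options';   // hypothetical action name
const OIRL_NONCE_FIELD  = 'oirl_options_nonce';  // hypothetical field name

function oirl_plugin_options_hardened() {
    // 1. Authorisation: only users allowed to manage options may save them.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to change these settings.' ), 403 );
    }

    // 2. Only handle explicit POST submissions; a bare GET link must not change state.
    if ( 'POST' === ( $_SERVER['REQUEST_METHOD'] ?? '' ) && isset( $_POST[ OIRL_NONCE_FIELD ] ) ) {
        // 3. check_admin_referer() verifies the nonce, which is bound to the
        //    current user and the action name and expires after 12-24 hours,
        //    and calls wp_die() with a 403 when it does not verify, so a forged
        //    cross-site request never reaches update_option().
        check_admin_referer( OIRL_NONCE_ACTION, OIRL_NONCE_FIELD );

        $unit  = sanitize_text_field( wp_unslash( $_POST['oirl_distance_unit'] ?? 'km' ) );
        $theme = sanitize_key( $_POST['oirl_style_theme'] ?? 'default' );

        // 4. Accept only known values rather than storing arbitrary strings.
        if ( in_array( $unit, array( 'km', 'mi' ), true ) ) {
            update_option( 'oirl_distance_unit', $unit );
        }
        update_option( 'oirl_style_theme', $theme );
    }
    ?>
    <form method="post">
        <?php wp_nonce_field( OIRL_NONCE_ACTION, OIRL_NONCE_FIELD ); ?>
        <select name="oirl_distance_unit">
            <option value="km" <?php selected( get_option( 'oirl_distance_unit', 'km' ), 'km' ); ?>>km</option>
            <option value="mi" <?php selected( get_option( 'oirl_distance_unit', 'km' ), 'mi' ); ?>>mi</option>
        </select>
        <input name="oirl_style_theme" value="<?php echo esc_attr( get_option( 'oirl_style_theme', 'default' ) ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}
```

The nonce check is the CSRF fix; the capability check is a separate authorisation control that a nonce does not replace, and the POST-only gate removes the link-click variant entirely. A plugin that registers its options through the Settings API (register_setting() plus settings_fields() in the form, posting to options.php) gets the same nonce and capability checks from core without writing them by hand.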
Potential Impact
The impact is unauthorized modification of the plugin's display settings (distance units, pace display, style theme, display positions), which affects the integrity of the site's configuration but not its confidentiality or availability. These settings are cosmetic, so the realistic outcome is incorrect or inconsistent presentation of logged runs and confusion for users and administrators; nothing in the advisory indicates that any of the affected options controls authentication, file handling or output escaping, so the vulnerability is not by itself a foothold for a more serious attack. Exploitation needs an administrator (or another user permitted to change the settings) to be logged in and to visit attacker-controlled content, which limits opportunistic abuse but is a weak barrier where several administrators use the same browser for wp-admin and general browsing. No exploitation in the wild has been reported. The medium score of 4.3 reflects an unauthenticated, remotely triggered request that requires user interaction and has a low, integrity-only impact.
Mitigation Recommendations
1. Confirm the installed version of Run Log (Plugins → Installed Plugins, or wp plugin list with WP-CLI) and update as soon as a release later than 1.7.10 that addresses this issue is available. Until then, deactivate the plugin if its settings matter to the site.
2. If you maintain a fork or cannot update, add a nonce to the settings form with wp_nonce_field() and verify it with check_admin_referer() at the top of the save path in oirl_plugin_options, together with a current_user_can('manage_options') check, and ignore non-POST requests. This is the standard WordPress CSRF fix and is what a vendor patch would be expected to contain.
3. Remind administrators not to follow untrusted links while logged in to wp-admin, and encourage a separate browser profile for administration so that general browsing does not carry the admin session.
4. A Content Security Policy on the site does not stop CSRF: the forged request is issued from the attacker's page, where the victim site's CSP does not apply. Instead, use a web application firewall or security plugin that blocks or alerts on state-changing requests to admin pages whose Origin or Referer header is a foreign host, or that flags settings changes made without a nonce.
5. Regularly audit the plugin's options (the oirl_* entries in wp_options) and web server logs for changes you did not make; a forged request typically shows a foreign Referer or Origin, or none at all.
6. Keep the number of administrators small, since each one is a potential CSRF victim. Multi-factor authentication is still worthwhile, but note that it does not block this attack: the victim's own authenticated browser sends the forged request.
7. Monitor the plugin's changelog and Wordfence's advisory for a fixed release or reports of exploitation.
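One way to implement the auditing recommended above, as an added example that is not part of the Run Log plugin: a must-use plugin that hooks WordPress's core updated_option and added_option actions and logs every change to an option whose name starts with oirl_, together with the request context that distinguishes a legitimate save from a forged one (HTTP method, Origin/Referer host compared with the site host, and whether a nonce field was present). The oirl_ prefix, the oirl_options_nonce field name and the use of error_log() as the destination are assumptions.

```php
<?php
/**
 * Plugin Name: OIRL option change audit (added example; not part of Run Log)
 * Description: Place in wp-content/mu-plugins/ to log every change to an
 * option named oirl_* with enough request context to spot a forged save.
 * The option prefix, nonce field name and log destination are assumptions.
 */

const OIRL_AUDIT_PREFIX = 'oirl_';

/**
 * Summarise the request that triggered an option change. Pure function of
 * its inputs so it can be exercised outside WordPress as well as from the hook.
 */
function oirl_audit_request_context( array $server, array $post, int $user_id ) : array {
    $origin  = $server['HTTP_ORIGIN']  ?? '';
    $referer = $server['HTTP_REFERER'] ?? '';
    $host    = preg_replace( '/:\d+$/', '', $server['HTTP_HOST'] ?? '' );   // drop any port

    // Prefer Origin (sent on cross-site POSTs); fall back to Referer.
    $source_host = $origin !== '' ? parse_url( $origin, PHP_URL_HOST ) : parse_url( $referer, PHP_URL_HOST );
    $source_host = is_string( $source_host ) ? $source_host : '';

    return array(
        'user'        => $user_id,
        'method'      => $server['REQUEST_METHOD'] ?? '',
        'uri'         => $server['REQUEST_URI'] ?? '',
        'source_host' => $source_host !== '' ? $source_host : '(none)',
        // True when the request demonstrably came from another site. An empty
        // source is also suspicious (attacker pages can suppress Referer), so
        // treat "(none)" on a state-changing request as worth a look too.
        'cross_site'  => $source_host !== '' && strcasecmp( $source_host, $host ) !== 0,
        'has_nonce'   => isset( $post['_wpnonce'] ) || isset( $post['oirl_options_nonce'] ),   // hypothetical field
        'ip'          => $server['REMOTE_ADDR'] ?? '',
    );
}

/** Write one audit line for a changed oirl_* option. */
function oirl_audit_option_change( string $option, $old_value, $new_value ) : void {
    if ( strncmp( $option, OIRL_AUDIT_PREFIX, strlen( OIRL_AUDIT_PREFIX ) ) !== 0 ) {
        return;
    }
    $ctx  = oirl_audit_request_context( $_SERVER, $_POST, get_current_user_id() );
    $line = sprintf(
        'oirl-audit option=%s old=%s new=%s user=%d method=%s uri=%s source=%s cross_site=%s nonce=%s ip=%s',
        $option,
        wp_json_encode( $old_value ),
        wp_json_encode( $new_value ),
        $ctx['user'],
        $ctx['method'],
        $ctx['uri'],
        $ctx['source_host'],
        $ctx['cross_site'] ? 'yes' : 'no',
        $ctx['has_nonce'] ? 'present' : 'MISSING',
        $ctx['ip']
    );
    // Lands in wp-content/debug.log when WP_DEBUG_LOG is enabled, otherwise in
    // the PHP error log configured for the site.
    error_log( $line );
}

// Core fires do_action( 'updated_option', $option, $old_value, $value ) and
// do_action( 'added_option', $option, $value ) on every option write.
add_action( 'updated_option', 'oirl_audit_option_change', 10, 3 );
add_action( 'added_option', function ( string $option, $value ) : void {
    oirl_audit_option_change( $option, null, $value );
}, 10, 2 );
```

Once installed, a legitimate save from the plugin's settings page logs source equal to the site host with nonce=present; a forged save from an attacker page logs cross_site=yes (or source=(none) when the attacker suppresses Referer) and nonce=MISSING, which is the combination to alert on. The hook only observes changes, so it complements rather than replaces the nonce fix; it is also the fastest way to confirm after updating that the settings path now rejects requests without a nonce.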
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, Japan, France, Netherlands, Brazil, India
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-08-28T19:25:26.321Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68c27a22e1c560fa9d94d4af
Added to database: 9/11/2025, 7:28:34 AM
Last enriched: 2/26/2026, 6:06:43 PM
Last updated: 3/25/2026, 5:49:58 AM