CVE-2025-9887 identifies a Cross-Site Request Forgery (CSRF) vulnerability in the Custom Login And Signup Widget plugin developed by bittokazi for WordPress. The flaw exists due to missing or incorrect nonce validation in the /frndzk_adminclsw.php file, which is responsible for handling administrative actions related to user login and signup settings. Nonces are security tokens used to verify that requests originate from legitimate users and not from malicious third-party sites. Without proper nonce validation, an attacker can craft a malicious request that, when executed by an authenticated administrator (e.g., by clicking a link), changes critical user account settings such as email addresses and usernames. This attack does not require the attacker to be authenticated themselves but does require user interaction from a privileged user. The vulnerability affects all versions up to 1.0 of the plugin. The CVSS 3.1 base score of 4.3 reflects that the attack vector is network-based, requires no privileges, but does require user interaction, and impacts integrity but not confidentiality or availability. No patches or exploit code are currently publicly available, and no active exploitation has been reported. However, the vulnerability poses a risk to the integrity of user account data and could facilitate further attacks if exploited.

The primary impact of this vulnerability is the unauthorized modification of user account settings, specifically email and username fields, by an attacker leveraging CSRF. This can lead to account takeover scenarios if attackers change email addresses to ones they control, enabling password reset or other account recovery mechanisms. Although confidentiality and availability are not directly affected, the integrity compromise can undermine trust in the affected WordPress site and its user management. For organizations, this could result in unauthorized access, potential privilege escalation, and disruption of user authentication workflows. The requirement for administrator interaction limits the ease of exploitation but does not eliminate risk, especially in environments with many administrators or where phishing is feasible. The lack of known exploits reduces immediate threat but does not preclude future attacks. Organizations relying on this plugin for user management face reputational damage, potential data integrity issues, and increased risk of further compromise if attackers leverage changed credentials.

To mitigate this vulnerability, organizations should first check for plugin updates or patches from the vendor and apply them promptly once available. In the absence of an official patch, administrators can implement the following specific measures: 1) Disable or remove the Custom Login And Signup Widget plugin if it is not essential to reduce attack surface. 2) Implement Web Application Firewall (WAF) rules to detect and block suspicious POST requests targeting /frndzk_adminclsw.php, especially those lacking valid nonce tokens or originating from external referrers. 3) Educate administrators about phishing and social engineering risks to prevent clicking on untrusted links. 4) Restrict administrative access to trusted networks or VPNs to reduce exposure. 5) Monitor logs for unusual changes to user account settings and implement alerting for such events. 6) Consider adding custom nonce validation or CSRF protections if feasible by modifying plugin code or using security plugins that enforce nonce checks. These targeted mitigations go beyond generic advice by focusing on the specific vulnerable endpoint and attack vector.