CVE-2025-27328

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Feb 24, 2025

CWE ID 352

Summary

CVE-2025-27328 is a Cross-Site Request Forgery (CSRF) vulnerability affecting WP-PostRatings Cheater plugin from version n/a through 1.5. Hackers can exploit this flaw to execute malicious actions on behalf of an unsuspecting user, by tricking them into clicking a specially crafted link. The attacker's success does not require any knowledge of the targeted user's password. This vulnerability poses a serious risk, as it can lead to unauthorized modifications and unintended actions within the WordPress site. Users are advised to update WP-PostRatings Cheater to the latest, secure version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3lypZj
https://www.cve.org/CVERecord?id=CVE-2025-27328
https://nvd.nist.gov/vuln/detail/CVE-2025-27328

Back to Vulnerability Database

CVE-2025-27328

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations