CVE-2025-32268

Summary

CVE-2025-32268 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the QR Code Tag plugin for WordPress websites, specifically versions from n/a to 1.9.36 on the website www.15.to. Hackers can exploit this issue to perform unauthorized actions on affected websites, such as modifying content or accessing sensitive information, by tricking users into visiting a malicious link. The CSRF vulnerability allows attackers to bypass user authentication and execute malicious actions on behalf of the user. This can lead to significant security risks, including data breaches and unauthorized system changes. Users of the QR Code Tag plugin are strongly advised to update to the latest version, 1.9.37 or above, to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.