CVE-2025-14845

MEDIUM
2026-01-07 [email protected]
4.3
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 07, 2026 - 12:16 nvd
MEDIUM 4.3

Tags

WordPress CSRF PHP

Description

The NS IE Compatibility Fixer plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to, and including, 2.1.5. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick an administrator into performing an action such as clicking on a link.

Analysis

NS IE Compatibility Fixer (WordPress plugin) is affected by cross-site request forgery (csrf) (CVSS 4.3).

Technical Context

This vulnerability (CWE-352: Cross-Site Request Forgery (CSRF)) affects NS IE Compatibility Fixer (WordPress plugin). The NS IE Compatibility Fixer plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to, and including, 2.1.5. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick an administrator into performing an action such as clicking on a link.

Affected Products

Vendor: WordPress. Product: NS IE Compatibility Fixer (WordPress plugin).

Remediation

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Priority Score

22
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +22
POC: 0

Share

CVE-2025-14845 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy