Skip to main content

CAS Maestro CVE-2025-30561

HIGH
Cross-Site Request Forgery (CSRF) (CWE-352)
2025-03-24 audit@patchstack.com
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

4
Analysis Updated
Apr 25, 2026 - 00:15 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 23, 2026 - 15:42 vuln.today
cvss_changed
Analysis Generated
Mar 28, 2026 - 18:33 vuln.today
CVE Published
Mar 24, 2025 - 14:15 nvd
HIGH 7.1

DescriptionCVE.org

Cross-Site Request Forgery (CSRF) vulnerability in Henrique Mouta CAS Maestro allows Stored XSS. This issue affects CAS Maestro: from n/a through 1.1.3.

AnalysisAI

Cross-site request forgery (CSRF) in CAS Maestro WordPress plugin versions up to 1.1.3 enables attackers to chain CSRF with stored XSS, allowing malicious scripts to be persistently injected into the application. Attackers trick authenticated administrators into executing forged requests that store malicious payloads, which then execute in victims' browsers with administrator privileges. EPSS score of 0.04% (12th percentile) indicates low observed exploitation probability, and no active exploitation is confirmed in CISA KEV. This WordPress plugin vulnerability requires social engineering to exploit but achieves scope change (S:C) allowing cross-context attacks once the stored XSS payload is injected.

Technical ContextAI

This vulnerability combines two CWE classes: CWE-352 (Cross-Site Request Forgery) as the initial attack vector and implicit stored XSS as the impact. CAS Maestro is a WordPress plugin for Central Authentication Service (CAS) integration, providing single sign-on functionality. The CSRF flaw occurs when the plugin fails to implement proper nonce validation or origin checking on state-changing administrative operations. This allows attackers to craft malicious HTML forms or links that, when visited by an authenticated WordPress administrator, submit requests to the plugin's endpoints. These forged requests can inject JavaScript payloads that persist in the database (stored XSS), executing whenever administrators or users access affected plugin pages. The CVSS scope change metric (S:C) indicates the stored XSS component can affect resources beyond the vulnerable component's security scope, potentially compromising the entire WordPress installation.

Affected ProductsAI

WordPress plugin CAS Maestro versions from earliest release through 1.1.3 are affected, as reported by Patchstack to NVD. The vulnerability exists in the plugin's administrative interface where CSRF protections are insufficient to prevent forged requests that can inject stored XSS payloads. Vendor advisory and details available at https://patchstack.com/database/wordpress/plugin/cas-maestro/vulnerability/wordpress-cas-maestro-plugin-1-1-3-csrf-to-stored-xss-vulnerability.

RemediationAI

Update CAS Maestro to a version above 1.1.3 if available from the WordPress plugin repository or vendor. As of this analysis, Patchstack has disclosed the vulnerability but no independently confirmed patched version number is available from the provided data sources. Site administrators should check the WordPress plugin repository for updates or contact plugin author Henrique Mouta directly. As compensating controls until a patch is applied: restrict WordPress admin panel access to trusted IP ranges only, implement additional CSRF tokens at the web application firewall layer if available, educate administrators to never click external links while logged into WordPress admin, and consider temporarily disabling CAS Maestro if CAS SSO functionality is not immediately required. These mitigations reduce social engineering attack surface but do not eliminate the underlying vulnerability. Monitor WordPress admin activity logs for unexpected configuration changes or content modifications that could indicate successful CSRF exploitation.

Share

CVE-2025-30561 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy