CVE-2025-62113

2025-12-31

Lifecycle Timeline

Analysis Generated: Apr 01, 2026 - 17:44 (vuln.today)
CVE Published: Dec 31, 2025 - 17:15 (nvd)

Description

Cross-Site Request Forgery (CSRF) vulnerability in emendo_seb Co-marquage service-public.fr co-marquage-service-public allows Cross Site Request Forgery. This issue affects Co-marquage service-public.fr: from n/a through <= 0.5.77.

Analysis

Cross-site request forgery (CSRF) in the Co-marquage service-public.fr WordPress plugin up to version 0.5.77 allows unauthenticated attackers to perform unauthorized actions on behalf of authenticated users by crafting malicious requests. The vulnerability lacks a CVSS score and shows minimal exploitation probability (0.01% EPSS), with no public exploit code or active exploitation indicators identified.

Technical Context

The vulnerability is a classic CSRF flaw (CWE-352) in a WordPress plugin that fails to implement adequate anti-CSRF tokens or verification mechanisms. WordPress plugins that perform server-side state changes without proper nonce validation are susceptible to this attack class. The Co-marquage service-public.fr plugin, which appears to integrate French government administrative content into WordPress sites, lacks sufficient request origin validation. An attacker can craft HTML or JavaScript payloads that, when loaded by an authenticated administrator or user, trigger unintended plugin actions because the browser automatically attaches the victim's session credentials to the request.
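The nonce validation referred to above, as an added example (not code from the Co-marquage plugin or from this page): a hypothetical settings handler shown first without and then with the check. Every `demo_*` function, action, option and field name is an assumption made for illustration.

```php
<?php
// Added illustration. Every demo_* name (functions, action, option, field) is
// hypothetical and is not taken from the Co-marquage service-public.fr plugin.

// Settings form: wp_nonce_field() emits a hidden token tied to the action name
// and to the logged-in user's session.
function demo_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="demo_save">
        <?php wp_nonce_field( 'demo_save', 'demo_nonce' ); ?>
        <input type="url" name="demo_feed_url"
               value="<?php echo esc_attr( get_option( 'demo_feed_url', '' ) ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// Read and sanitize the submitted value.
function demo_posted_url() {
    $raw = isset( $_POST['demo_feed_url'] ) ? wp_unslash( $_POST['demo_feed_url'] ) : '';
    return esc_url_raw( $raw );
}

// CWE-352 pattern: the capability check proves who the user is, but nothing
// proves the request came from the plugin's own form, so the session cookie
// alone authorizes the state change.
function demo_save_without_nonce() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', 'Forbidden', array( 'response' => 403 ) );
    }
    update_option( 'demo_feed_url', demo_posted_url() );
}

// Hardened handler: check_admin_referer() ends the request with a 403 when
// the demo_nonce field is missing, expired, or issued for another user or action.
function demo_save() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', 'Forbidden', array( 'response' => 403 ) );
    }
    check_admin_referer( 'demo_save', 'demo_nonce' );
    update_option( 'demo_feed_url', demo_posted_url() );
    wp_safe_redirect( admin_url( 'options-general.php' ) );
    exit;
}
// Only the hardened handler is registered for the admin-post.php action.
add_action( 'admin_post_demo_save', 'demo_save' );
```

When reviewing a plugin update, the same pairing is what to look for: each state-changing handler should carry both a capability check and a nonce check bound to that specific action.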

Affected Products

The Co-marquage service-public.fr WordPress plugin is affected from an unspecified baseline version through 0.5.77. The vulnerability is documented in the Patchstack database (https://patchstack.com/database/Wordpress/Plugin/co-marquage-service-public/vulnerability/wordpress-co-marquage-service-public-fr-plugin-0-5-77-cross-site-request-forgery-csrf-vulnerability), which tracks WordPress plugin vulnerabilities. Administrators running this plugin on WordPress installations should verify their installed version against the 0.5.77 threshold.

Remediation

Upgrade the Co-marquage service-public.fr plugin to a version newer than 0.5.77; consult the official plugin repository or Patchstack database for the specific patched release version. As an interim workaround pending plugin updates, administrators should restrict plugin functionality to trusted administrative users only, disable public-facing plugin features if unnecessary, and implement WordPress-level CSRF protection through security plugins that enforce additional nonce validation. Verify the fix through the plugin's official source and test functionality in a staging environment before deploying to production.

Priority Score

0
KEV: 0
EPSS: +0.0
CVSS: +0
POC: 0
