Skip to main content

Jayce53 EasyIndex CVE-2025-62117

MEDIUM
Cross-Site Request Forgery (CSRF) (CWE-352)
2025-12-31 audit@patchstack.com
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low

Lifecycle Timeline

3
CVSS changed
Apr 23, 2026 - 15:43 NVD
5.4 (MEDIUM)
Analysis Generated
Apr 01, 2026 - 17:44 vuln.today
CVE Published
Dec 31, 2025 - 14:15 nvd
N/A

DescriptionCVE.org

Cross-Site Request Forgery (CSRF) vulnerability in Jayce53 EasyIndex easyindex allows Cross Site Request Forgery.This issue affects EasyIndex: from n/a through <= 1.1.1704.

AnalysisAI

Cross-site request forgery (CSRF) in Jayce53 EasyIndex WordPress plugin versions up to 1.1.1704 allows unauthenticated attackers to perform unauthorized actions on behalf of authenticated administrators by inducing them to visit malicious web pages. The vulnerability affects all versions from the earliest tracked through 1.1.1704. No public exploit code or confirmed active exploitation has been identified; EPSS probability is minimal at 0.02% (5th percentile), suggesting low real-world exploitation likelihood despite the CSRF vector.

Technical ContextAI

The vulnerability stems from missing or insufficient CSRF token validation in the EasyIndex WordPress plugin, classified under CWE-352 (Cross-Site Request Forgery). WordPress plugins handle administrative actions through HTTP requests; when CSRF protections (nonces) are not properly implemented, a malicious third-party website can forge requests that an authenticated administrator's browser will automatically execute. EasyIndex appears to be a WordPress plugin for content indexing or management, exposing administrative functions to this attack class without proper request origin verification or anti-CSRF tokens.

Affected ProductsAI

Jayce53 EasyIndex WordPress plugin (CPE identifier not provided in available data) is affected in all versions from initial release through version 1.1.1704. The vulnerability was reported by Patchstack, accessible via their vulnerability database at https://patchstack.com/database/Wordpress/Plugin/easyindex/vulnerability/wordpress-easyindex-plugin-1-1-1704-cross-site-request-forgery-csrf-vulnerability.

RemediationAI

Update the Jayce53 EasyIndex plugin to a version newer than 1.1.1704 (specific patched version number not provided in available advisory data; check the official WordPress plugin repository or Patchstack for the minimum safe version). Ensure proper WordPress security practices are maintained: verify plugin sources from the official WordPress.org plugin directory, regularly update WordPress core and all plugins, and implement additional security hardening such as Web Application Firewall (WAF) rules to detect and block suspicious cross-origin requests. Consult the Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/easyindex/vulnerability for specific patch availability and version details.

Share

CVE-2025-62117 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy