CVE-2025-62117

2025-12-31

Lifecycle Timeline

Analysis Generated: Apr 01, 2026 - 17:44 (vuln.today)
CVE Published: Dec 31, 2025 - 14:15 (nvd)

Description

Cross-Site Request Forgery (CSRF) vulnerability in Jayce53 EasyIndex easyindex allows Cross Site Request Forgery. This issue affects EasyIndex: from n/a through <= 1.1.1704.

Analysis

Cross-site request forgery (CSRF) in Jayce53 EasyIndex WordPress plugin versions up to 1.1.1704 allows unauthenticated attackers to perform unauthorized actions on behalf of authenticated administrators by inducing them to visit malicious web pages. The vulnerability affects all versions from the earliest tracked through 1.1.1704. No public exploit code or confirmed active exploitation has been identified; EPSS probability is minimal at 0.02% (5th percentile), suggesting low real-world exploitation likelihood despite the CSRF vector.

Technical Context

The vulnerability stems from missing or insufficient CSRF token validation in the EasyIndex WordPress plugin, classified under CWE-352 (Cross-Site Request Forgery). WordPress plugins handle administrative actions through HTTP requests; when CSRF protections (nonces) are not properly implemented, a malicious third-party website can forge requests that an authenticated administrator's browser will automatically execute. EasyIndex appears to be a WordPress plugin for content indexing or management, exposing administrative functions to this attack class without proper request origin verification or anti-CSRF tokens.

Affected Products

Jayce53 EasyIndex WordPress plugin (CPE identifier not provided in available data) is affected in all versions from initial release through version 1.1.1704. The vulnerability was reported by Patchstack, accessible via their vulnerability database at https://patchstack.com/database/Wordpress/Plugin/easyindex/vulnerability/wordpress-easyindex-plugin-1-1-1704-cross-site-request-forgery-csrf-vulnerability.

Remediation

Update the Jayce53 EasyIndex plugin to a version newer than 1.1.1704 (specific patched version number not provided in available advisory data; check the official WordPress plugin repository or Patchstack for the minimum safe version). Ensure proper WordPress security practices are maintained: verify plugin sources from the official WordPress.org plugin directory, regularly update WordPress core and all plugins, and implement additional security hardening such as Web Application Firewall (WAF) rules to detect and block suspicious cross-origin requests. Consult the Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/easyindex/vulnerability for specific patch availability and version details.
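To find installs that fall in the affected range, the following added example (not part of the advisory or the plugin) reads the plugin's version header and compares it numerically against 1.1.1704. It assumes the standard `wp-content/plugins/easyindex` layout; the main file name and the sample tree are constructed for the demo.

```python
import re
import tempfile
from pathlib import Path

SLUG = "easyindex"          # plugin slug, taken from the advisory URL
LAST_AFFECTED = "1.1.1704"  # advisory: affected through <= 1.1.1704
HEADER = r"^(?:[ \t]*<\?php)?[ \t/*#@]*%s:[ \t]*(\S+)"  # plugin header line

def version_key(v):
    """'1.1.1704' -> (1, 1, 1704); numeric parts, so 1.1.200 sorts below 1.1.1704."""
    return tuple(int(p) for p in re.findall(r"\d+", v))

def plugin_version(plugin_dir):
    """Version header of the plugin's main file (the one with 'Plugin Name:')."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_text(encoding="utf-8", errors="replace")[:8192]
        if re.search(HEADER % "Plugin Name", head, re.M | re.I):
            m = re.search(HEADER % "Version", head, re.M | re.I)
            return m.group(1) if m else None
    return None

def audit(wp_root):
    """Return (status, version) for EasyIndex under a WordPress root directory."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / SLUG
    if not plugin_dir.is_dir():
        return ("not-installed", None)
    v = plugin_version(plugin_dir)
    if v is None:
        return ("unknown-version", None)
    # The advisory names no fixed release, so a higher number is reported
    # as "newer-than-affected", not as "patched".
    if version_key(v) <= version_key(LAST_AFFECTED):
        return ("affected", v)
    return ("newer-than-affected", v)

def make_sample(version):
    """Constructed WordPress tree with a made-up main file, for the demo only."""
    root = Path(tempfile.mkdtemp())
    d = root / "wp-content" / "plugins" / SLUG
    d.mkdir(parents=True)
    (d / "easyindex.php").write_text(
        "<?php\n/*\n * Plugin Name: EasyIndex\n * Version: %s\n */\n" % version)
    return root

if __name__ == "__main__":
    for v in ("1.1.200", "1.1.1704", "1.1.1705"):
        print(v, audit(make_sample(v)))
```

A plain string comparison would rank 1.1.200 above 1.1.1704 and miss an affected install, which is why the parts are compared as integers.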

Priority Score

0 (KEV: 0, EPSS: +0.0, CVSS: +0, POC: 0)
