CVE-2025-10312

Name of the Vulnerable Software and Affected Versions WordPress Theme Importer plugin versions prior to 1.0

Description The Theme Importer plugin for WordPress is susceptible to Cross-Site Request Forgery. This is a result of a lack of nonce validation when handling form submissions within the theme-importer.php file. An unauthenticated attacker could potentially trigger arbitrary file downloads and execute malicious operations by deceiving a site administrator into performing an action, such as clicking a link.

Recommendations Update the Theme Importer plugin to a version newer than 1.0.