CVE-2025-13438

Name of the Vulnerable Software and Affected Versions Page Title, Description & Open Graph Updater plugin for WordPress versions prior to 1.03

Description The plugin is susceptible to Cross-Site Request Forgery (CSRF) due to the absence of nonce validation on several AJAX actions, including dieno update page title. This allows attackers to update page titles and metadata by forging requests, provided they can trick a site administrator into performing an action, such as clicking a link.

Recommendations Update the Page Title, Description & Open Graph Updater plugin to version 1.03 or later.