PT-2025-12627 · Unknown · Generate Post Thumbnails

Nabil Irawan · Published 2025-03-24 · Updated 2025-03-24 · CVE-2025-30585

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions

marynixie Generate Post Thumbnails versions 0.8 and earlier

Description

The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This can be achieved by tricking the user into performing an unintended action, such as sending a request to the /api/v1/login endpoint with malicious parameters like username and password.

Recommendations

For versions 0.8 and earlier, consider disabling the Generate Post Thumbnails feature until a patch is available to prevent potential CSRF attacks. Restrict access to sensitive API endpoints to minimize the risk of exploitation. Avoid using sensitive parameters in affected API endpoints until the issue is resolved.

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2025-30585

Affected Products

Generate Post Thumbnails