CVE-2025-3099

Name of the Vulnerable Software and Affected Versions Advanced Search by My Solr Server plugin for WordPress versions up to, and including, 2.0.5

Description The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the 'MySolrServerSettings' page. This allows unauthenticated attackers to update settings and inject malicious web scripts via a forged request, provided they can trick a site administrator into performing a specific action, such as clicking on a link.

Recommendations For versions up to, and including, 2.0.5, update to a version later than 2.0.5 to resolve the issue. As a temporary workaround, consider restricting access to the 'MySolrServerSettings' page to minimize the risk of exploitation.