CVE-2025-4337

Name of the Vulnerable Software and Affected Versions AHAthat Plugin for WordPress versions up to and including 1.6

Description The issue is related to Cross-Site Request Forgery, caused by missing or incorrect nonce validation in the aha plugin page() function. This allows unauthenticated attackers to delete AHA pages by tricking a site administrator into performing an action, such as clicking on a link.

Recommendations For versions up to and including 1.6, consider disabling the aha plugin page() function until a patch is available to prevent exploitation. As a temporary workaround, restrict access to the AHA pages to minimize the risk of deletion via forged requests.