CVE-2025-2247

Name of the Vulnerable Software and Affected Versions: WP-PManager plugin versions 1.2 and earlier

Description: The issue concerns the lack of a CSRF check when updating settings in the WP-PManager plugin. This could allow attackers to make a logged-in administrator change settings via a CSRF attack.

Recommendations: For WP-PManager plugin versions 1.2 and earlier, consider disabling the settings update functionality until a patch is available. Restrict access to the plugin's settings to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.