CVE-2025-4580

Name of the Vulnerable Software and Affected Versions File Provider versions 1.2.3 and earlier

Description The issue is related to the lack of a CSRF check when updating settings in the File Provider WordPress plugin. This could allow attackers to make a logged-in admin change the settings via a CSRF attack.

Recommendations For versions 1.2.3 and earlier, consider disabling the settings update functionality until a patch is available. Restrict access to the settings update module to minimize the risk of exploitation. Avoid using the plugin's settings update feature until the issue is resolved.