CVE-2025-5930

Name of the Vulnerable Software and Affected Versions WP2HTML plugin for WordPress versions prior to 1.0.3

Description The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the save() function. This allows unauthenticated attackers to update plugin settings via a forged request if they can trick a site administrator into performing a specific action, such as clicking on a link.

Recommendations For versions prior to 1.0.3, update to version 1.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the save() function until a patch is available.