CVE-2025-9629

Name of the Vulnerable Software and Affected Versions USS Upyun plugin for WordPress versions prior to 1.5.1

Description The USS Upyun plugin for WordPress is susceptible to a Cross-Site Request Forgery issue. This is due to missing or incorrect nonce validation within the uss setting page function when handling the uss set form type. Successful exploitation allows unauthenticated attackers to modify critical Upyun cloud storage settings, including the bucket name, operator credentials, upload paths, and image processing parameters, by forging requests and tricking a site administrator into performing an action.

Recommendations Update the USS Upyun plugin to version 1.5.1 or later.