CVE-2025-9882

Name of the Vulnerable Software and Affected Versions osTicket WP Bridge versions up to and including 1.9.2

Description The osTicket WP Bridge plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on a function. This allows unauthenticated attackers to update settings and inject malicious web scripts via a forged request if they can trick a site administrator into performing an action, such as clicking a link.

Recommendations Update osTicket WP Bridge to a version later than 1.9.2.