CVE-2025-9896

Name of the Vulnerable Software and Affected Versions HidePost plugin for WordPress versions prior to 2.3.9

Description The software is susceptible to Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation on the options.php settings page. This allows unauthenticated attackers to modify plugin settings by tricking a site administrator into performing an action, such as clicking a malicious link.

Recommendations Update the HidePost plugin to version 2.3.9 or later.