CVE-2025-9213

Name of the Vulnerable Software and Affected Versions WordPress TextBuilder plugin versions 1.0.0 through 1.1.1

Description The software is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation. An unauthenticated attacker can update a user's authorization token by forging a request, provided they can trick a site administrator into performing an action. Updating the token allows the attacker to modify the user's password and email address. The vulnerable function is handleToken.

Recommendations Update to a version beyond 1.1.1.