PT-2025-42293 · WordPress · Topbar
Jason Carle
·
Published
2025-10-15
·
Updated
2025-10-15
·
CVE-2025-10300
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
WordPress TopBar plugin versions prior to 1.0.1
Description
The TopBar plugin for WordPress is susceptible to Cross-Site Request Forgery due to inadequate nonce validation within the
fme nb topbar save settings() function. This allows attackers to modify the plugin’s settings by exploiting a forged request, provided they can induce a site administrator to perform an action.Recommendations
Update the TopBar plugin to version 1.0.1 or later.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Topbar