CVE-2025-12901

Name of the Vulnerable Software and Affected Versions Asgaros Forum plugin for WordPress versions prior to 3.2.2

Description The software is susceptible to Cross-Site Request Forgery (CSRF). This is caused by a lack of nonce validation within the set subscription level() function. An unauthenticated attacker can potentially modify the subscription settings of logged-in users by tricking them into performing an action, such as clicking a malicious link.

Recommendations Update to version 3.2.2 or later.