CVE-2025-12373

Name of the Vulnerable Software and Affected Versions Torod – The smart shipping and delivery portal for e-shops and retailers plugin for WordPress versions prior to 1.9.

Description The Torod WordPress plugin is susceptible to Cross-Site Request Forgery (CSRF). This is a result of inadequate or missing nonce validation within the save settings function. An unauthenticated attacker could potentially modify the plugin’s settings by tricking a site administrator into performing an action, such as clicking a malicious link.

Recommendations Update to a version of the Torod WordPress plugin that is later than 1.9.