PT-2025-50860 · WordPress · Truefy Embed
Dayea Song
·
Published
2025-12-12
·
Updated
2025-12-12
·
CVE-2025-14161
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Truefy Embed versions up to and including 1.1.0
Description
The Truefy Embed plugin for WordPress is susceptible to Cross-Site Request Forgery due to the absence of nonce validation on the
truefy embed options update settings update action. This allows unauthenticated attackers to modify the plugin’s settings, including the API key, by crafting a forged request, provided they can deceive a site administrator into performing an action.Recommendations
Update the Truefy Embed plugin to a version newer than 1.1.0.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Truefy Embed