PT-2026-1567 · WordPress · Ns Ie Compatibility Fixer
Muhammad Afnaan
·
Published
2026-01-07
·
Updated
2026-01-07
·
CVE-2025-14845
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
NS IE Compatibility Fixer plugin for WordPress versions through 2.1.5
Description
The software is susceptible to Cross-Site Request Forgery (CSRF) due to the absence of nonce validation on the settings update functionality. This allows attackers to modify the plugin’s settings by deceiving an administrator into performing an action, such as clicking a link. The attack requires the attacker to forge a request.
Recommendations
Update the NS IE Compatibility Fixer plugin to a version newer than 2.1.5.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ns Ie Compatibility Fixer