CVE-2025-13990

Name of the Vulnerable Software and Affected Versions Mamurjor Employee Info plugin for WordPress versions up to and including 1.0.0

Description The software is susceptible to Cross-Site Request Forgery (CSRF) due to the absence of nonce validation on several administrative functions. This allows unauthenticated attackers to create, update, or delete employee records, departments, designations, salary grades, education records, and salary payments by deceiving a site administrator into performing an action, such as clicking a link.

Recommendations Update the Mamurjor Employee Info plugin to a version beyond 1.0.0.