CVE-2025-14389

Name of the Vulnerable Software and Affected Versions WPBlogSyn versions prior to 1.1

Description The WPBlogSyn plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF). This is a result of inadequate or missing nonce validation. An unauthenticated attacker could potentially modify the plugin’s remote sync settings by deceiving a site administrator into performing an action, such as clicking a malicious link.

Recommendations Update the WPBlogSyn plugin to version 1.1 or later.