CVE-2025-15376

CVSS v3.1

4.3

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

The Stopwords for comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the 'set stopwords for comments' and 'delete stopwords for comments' functions. This makes it possible for unauthenticated attackers to add or delete stopwords via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2025-15376

Affected Products

Stopwords For Comments

CVE-2025-15376

Weakness Enumeration

Related Identifiers

Affected Products

References · 3