CVE-2025-15376

Name of the Vulnerable Software and Affected Versions Stopwords for Comments WordPress Plugin versions prior to 1.2

Description The Stopwords for Comments plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by a lack of nonce validation in the set stopwords for comments and delete stopwords for comments functions. An unauthenticated attacker can add or delete stopwords by forging a request, provided they can trick a site administrator into performing an action, such as clicking a link.

Recommendations Update Stopwords for Comments to version 1.2 or later.