CVE-2025-14852

Name of the Vulnerable Software and Affected Versions MDirector Newsletter plugin for WordPress versions through 4.5.8

Description The MDirector Newsletter plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF). This is caused by a lack of nonce verification within the mdirectorNewsletterSave function. An unauthenticated attacker could potentially update the plugin’s settings by forging a request, provided they can trick a site administrator into performing an action, such as clicking a malicious link.

Recommendations Update the MDirector Newsletter plugin to a version later than 4.5.8.