{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-0801", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-01-28T14:45:28.388Z", "datePublished": "2025-02-28T04:21:57.065Z", "dateUpdated": "2026-04-08T17:17:10.320Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:17:10.320Z"}, "affected": [{"vendor": "ratemyagent", "product": "RateMyAgent Official", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.4.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The RateMyAgent Official plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.0. This is due to missing or incorrect nonce validation on the 'rma-settings-wizard'. This makes it possible for unauthenticated attackers to update the plugin's API key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "title": "RateMyAgent Official <= 1.4.0 - Cross-Site Request Forgery to API Key Update", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b559017c-f1d2-4f18-bfb6-e52f05910e34?source=cve"}, {"url": "https://wordpress.org/plugins/ratemyagent-official/"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3244718%40ratemyagent-official&new=3244718%40ratemyagent-official&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Dhabaleshwar Das"}], "timeline": [{"time": "2025-02-27T16:15:48.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-28T15:13:52.271119Z", "id": "CVE-2025-0801", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-28T15:14:01.351Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0801", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-28T15:13:52.271119Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-28T15:13:57.316Z"}}], "cna": {"title": "RateMyAgent Official <= 1.4.0 - Cross-Site Request Forgery to API Key Update", "credits": [{"lang": "en", "type": "finder", "value": "Dhabaleshwar Das"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "ratemyagent", "product": "RateMyAgent Official", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.4.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-02-27T16:15:48.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b559017c-f1d2-4f18-bfb6-e52f05910e34?source=cve"}, {"url": "https://wordpress.org/plugins/ratemyagent-official/"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3244718%40ratemyagent-official&new=3244718%40ratemyagent-official&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The RateMyAgent Official plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.0. This is due to missing or incorrect nonce validation on the 'rma-settings-wizard'. This makes it possible for unauthenticated attackers to update the plugin's API key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:17:10.320Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0801", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:17:10.320Z", "dateReserved": "2025-01-28T14:45:28.388Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-02-28T04:21:57.065Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ratemyagent:ratemyagent:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "97281026-6E1D-4581-BFF3-FDF3FBA3C72F", "versionEndExcluding": "1.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The RateMyAgent Official plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.0. This is due to missing or incorrect nonce validation on the 'rma-settings-wizard'. This makes it possible for unauthenticated attackers to update the plugin's API key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}, {"lang": "es", "value": "El complemento RateMyAgent Official para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 1.4.0 incluida. Esto se debe a una validaci\u00f3n de nonce incorrecta o faltante en el 'rma-settings-wizard'. Esto hace posible que atacantes no autenticados actualicen la clave API del complemento a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."}], "id": "CVE-2025-0801", "lastModified": "2025-03-06T20:21:36.547", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-02-28T05:15:33.683", "references": [{"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3244718%40ratemyagent-official&new=3244718%40ratemyagent-official&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://wordpress.org/plugins/ratemyagent-official/"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b559017c-f1d2-4f18-bfb6-e52f05910e34?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T07:01:40.886020+00:00", "value": {"mitigation_remediation": ["Upgrade to the latest version of RateMyAgent Official.", "If upgrading is not possible, disable the rma\u2011settings\u2011wizard endpoint or deactivate the plugin to block the API key update path.", "Implement additional CSRF safeguards in WordPress admin, such as enforcing nonces or restricting cross\u2011origin requests."], "summary": {"action": "Patch", "impact": "API key modification via CSRF"}, "threat_synthesis": {"affected_systems": "All installations of the RateMyAgent Official plugin for WordPress up to, and including, version\u202f1.4.0 are affected. The flaw pertains to the rma\u2011settings\u2011wizard functionality and exists in every release of the plugin prior to the change that introduced proper nonce validation.", "description_and_impact": "The vulnerability is a CSRF flaw in the RateMyAgent Official plugin for WordPress. The plugin\u2019s rma\u2011settings\u2011wizard endpoint does not correctly validate or enforce nonces, allowing an attacker to trick an administrator into submitting a forged request that changes the plugin\u2019s API key without authentication. If an attacker succeeds, the new key could grant them unauthorized access to services protected by that API key, potentially compromising sensitive data or allowing further exploitation. The weakness corresponds to CWE\u2011352.", "risk_and_exploitability": "The CVSS base score is 4.3 and the EPSS score is less than 1\u202f%, indicating a moderate severity with a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Successful exploitation requires the attacker to entice a legitimate site administrator to click a crafted link or submit a forged form, which is feasible in a social\u2011engineering context. Once the API key is altered, the attacker can potentially use it to interact with the external service, undermining confidentiality in that ecosystem. Because the attack vector relies on CSRF, it is limited to the site where the admin logs in and does not require prior compromise of the server or the plugin code itself."}}}}, "created": "2026-04-22T07:15:11.678288+00:00", "updated": "2026-04-22T07:15:11.678304+00:00", "vendors": []}