{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-0810", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-01-28T15:19:47.042Z", "datePublished": "2025-04-05T01:44:44.158Z", "dateUpdated": "2026-04-08T17:14:06.912Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:14:06.912Z"}, "affected": [{"vendor": "edmonparker", "product": "Read More & Accordion", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.4.7", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Read More & Accordion plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.7. This is due to missing or incorrect nonce validation on the addNewButtons() function. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "title": "Read More & Accordion <= 3.4.7 - Cross-Site Request Forgery to Local File Inclusion", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a963cd9b-9f8f-4bd2-92cd-74c5e85e1d96?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/expand-maker/trunk/classes/ReadMorePages.php#L82"}, {"url": "https://plugins.trac.wordpress.org/browser/expand-maker/trunk/classes/ReadMorePages.php#L59"}, {"url": "https://plugins.trac.wordpress.org/browser/expand-maker/trunk/classes/ReadMoreInit.php#L122"}, {"url": "https://plugins.trac.wordpress.org/changeset/3265987/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Bassem Essam"}], "timeline": [{"time": "2025-04-04T13:09:44.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-07T13:05:10.861244Z", "id": "CVE-2025-0810", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-07T14:12:32.633Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0810", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-07T13:05:10.861244Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-07T13:05:12.259Z"}}], "cna": {"title": "Read More & Accordion <= 3.4.7 - Cross-Site Request Forgery to Local File Inclusion", "credits": [{"lang": "en", "type": "finder", "value": "Bassem Essam"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "edmonparker", "product": "Read More & Accordion", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.4.7"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-04-04T13:09:44.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a963cd9b-9f8f-4bd2-92cd-74c5e85e1d96?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/expand-maker/trunk/classes/ReadMorePages.php#L82"}, {"url": "https://plugins.trac.wordpress.org/browser/expand-maker/trunk/classes/ReadMorePages.php#L59"}, {"url": "https://plugins.trac.wordpress.org/browser/expand-maker/trunk/classes/ReadMoreInit.php#L122"}, {"url": "https://plugins.trac.wordpress.org/changeset/3265987/"}], "descriptions": [{"lang": "en", "value": "The Read More & Accordion plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.7. This is due to missing or incorrect nonce validation on the addNewButtons() function. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:14:06.912Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0810", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:14:06.912Z", "dateReserved": "2025-01-28T15:19:47.042Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-04-05T01:44:44.158Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Read More & Accordion plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.7. This is due to missing or incorrect nonce validation on the addNewButtons() function. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}, {"lang": "es", "value": "El complemento Read More &amp; Accordion para WordPress es vulnerable a cross-site request forgery en todas las versiones hasta la 3.4.5 incluida. Esto se debe a la falta o la validaci\u00f3n incorrecta de nonce en la funci\u00f3n addNewButtons(). Esto permite a atacantes no autenticados incluir y ejecutar archivos PHP arbitrarios mediante una solicitud falsificada, ya que pueden enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."}], "id": "CVE-2025-0810", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-04-05T02:15:15.140", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/expand-maker/trunk/classes/ReadMoreInit.php#L122"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/expand-maker/trunk/classes/ReadMorePages.php#L59"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/expand-maker/trunk/classes/ReadMorePages.php#L82"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3265987/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a963cd9b-9f8f-4bd2-92cd-74c5e85e1d96?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T21:27:32.991704+00:00", "value": {"mitigation_remediation": ["Upgrade the Read More & Accordion plugin to version 3.4.8 or later, which contains proper nonce validation and removes the vulnerable code path.", "If an upgrade is not immediately possible, disable or delete the plugin until a secure version is available to prevent CSRF and LFI exploitation.", "Verify that all administrators use strong passwords and enable two\u2011factor authentication to reduce the risk of accidental clicks on malicious links.", "Deploy a web application firewall rule that blocks unexpected POST requests lacking a valid nonce to the addNewButtons() endpoint, providing a temporary protective measure while awaiting an update."], "summary": {"action": "Patch Immediately", "impact": "Remote Code Execution via Local File Inclusion"}, "threat_synthesis": {"affected_systems": "Affected systems are installations of the edmonparker Read More & Accordion WordPress plugin version 3.4.7 or earlier. The vulnerability applies to all WordPress sites running any of those versions of the plugin, as the CSRF mitigation is absent across the entire codebase up through 3.4.7.", "description_and_impact": "The Read More & Accordion plugin contains a missing nonce check in the addNewButtons() function, allowing attackers to forge requests that lead to local file inclusion of arbitrary PHP files. This flaw can be exploited by any site visitor to trick an authenticated administrator into clicking a specially crafted link, which then executes the included file with the admin\u2019s privileges. The result is full remote code execution on the affected WordPress site, compromising confidentiality, integrity, and availability.", "risk_and_exploitability": "The CVSS v3.1 base score of 7.5 indicates moderate\u2011to\u2011high severity. The EPSS score of less than 1% shows that the overall exploitation probability is low, and the vulnerability is not currently listed in CISA's KEV catalog. Nevertheless, the attack surface is a standard web request, meaning that an attacker can launch the exploit from anywhere without additional access. The primary attack vector is forged HTTP requests to the administrative endpoint, and the current exploitation complexity is low due to no prerequisite conditions beyond the CSRF flaw."}}}}, "created": "2026-04-21T21:30:45.747901+00:00", "updated": "2026-04-21T21:30:45.747912+00:00", "vendors": []}