{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12173", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-10-24T15:05:45.896Z", "datePublished": "2025-11-18T08:27:34.754Z", "dateUpdated": "2026-04-08T17:11:23.845Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:11:23.845Z"}, "affected": [{"vendor": "winkm89", "product": "WP Admin Microblog", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.1.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WP Admin Microblog plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.1. This is due to missing or incorrect nonce validation on the 'wp-admin-microblog' page. This makes it possible for unauthenticated attackers to send messages on behalf of an administrator via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "title": "WP Admin Microblog <= 3.1.1 - Cross-Site Request Forgery to Message Creation", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9c26a76d-a104-4ea6-be9f-9e8dfc3b5cd5?source=cve"}, {"url": "https://wordpress.org/plugins/wp-admin-microblog/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Nabil Irawan"}], "timeline": [{"time": "2025-11-17T20:10:34.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-18T14:25:20.076379Z", "id": "CVE-2025-12173", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-18T14:25:27.053Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12173", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-18T14:25:20.076379Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-18T14:25:24.034Z"}}], "cna": {"title": "WP Admin Microblog <= 3.1.1 - Cross-Site Request Forgery to Message Creation", "credits": [{"lang": "en", "type": "finder", "value": "Nabil Irawan"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "winkm89", "product": "WP Admin Microblog", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.1.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-11-17T20:10:34.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9c26a76d-a104-4ea6-be9f-9e8dfc3b5cd5?source=cve"}, {"url": "https://wordpress.org/plugins/wp-admin-microblog/"}], "descriptions": [{"lang": "en", "value": "The WP Admin Microblog plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.1. This is due to missing or incorrect nonce validation on the 'wp-admin-microblog' page. This makes it possible for unauthenticated attackers to send messages on behalf of an administrator via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:11:23.845Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12173", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:11:23.845Z", "dateReserved": "2025-10-24T15:05:45.896Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-11-18T08:27:34.754Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The WP Admin Microblog plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.1. This is due to missing or incorrect nonce validation on the 'wp-admin-microblog' page. This makes it possible for unauthenticated attackers to send messages on behalf of an administrator via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "id": "CVE-2025-12173", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-11-18T09:15:47.717", "references": [{"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/wp-admin-microblog/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9c26a76d-a104-4ea6-be9f-9e8dfc3b5cd5?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T11:43:25.371193+00:00", "value": {"mitigation_remediation": ["Upgrade WP Admin Microblog to a version newer than 3.1.1 or uninstall the plugin if no patch is available", "Ensure that all form submissions to the microblog endpoint include a valid nonce and restrict the endpoint to authenticated administrators, and consider applying WordPress or plugin settings to enforce this", "Review all installed plugins and update the WordPress core to the latest stable release so that any other potential nonce or CSRF issues are mitigated"], "summary": {"action": "Apply patch", "impact": "Cross\u2011Site Request Forgery enabling attackers to post messages as an administrator"}, "threat_synthesis": {"affected_systems": "The vulnerability affects all versions of the WP Admin Microblog plugin up to and including 3.1.1. Site administrators running WordPress with any of these plugin versions are at risk. No specific WordPress core versions are listed, so the issue is confined to the plugin itself.", "description_and_impact": "The WP Admin Microblog plugin for WordPress is vulnerable to Cross\u2011Site Request Forgery (CWE\u2011352) because it fails to validate nonces on the 'wp-admin-microblog' page. This flaw allows any unauthenticated attacker who can trick a site administrator into clicking a crafted link to cause the administrator to post a message on the microblog. The attacker does not gain direct code execution or data disclosure, but can create arbitrary posts under an admin\u2019s identity and potentially spread misinformation or spam.", "risk_and_exploitability": "The moderate CVSS score of 4.3 reflects moderate impact and requires attacker to target an authenticated administrator through a crafted request. Because the EPSS score is less than 1%, the likelihood of widespread exploitation is low, and the vulnerability is not listed in CISA\u2019s KEV catalog. Attackers would need to send a forged request to the microblog endpoint, which could be triggered by a malicious link or a compromised website that the admin visits."}}}}, "created": "2025-11-19T10:47:55.216742+00:00", "updated": "2026-04-22T12:00:05.914286+00:00", "vendors": ["winkm89", "winkm89$PRODUCT$wp_admin_microblog", "wordpress", "wordpress$PRODUCT$wordpress"]}