{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13527", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-11-21T19:48:05.237Z", "datePublished": "2026-01-07T08:21:54.497Z", "dateUpdated": "2026-04-08T17:26:15.307Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:26:15.307Z"}, "affected": [{"vendor": "anwerashif", "product": "xShare", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The xShare plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the 'xshare_plugin_reset()' function. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "title": "xShare <= 1.0.1 - Cross-Site Request Forgery to 'rs_plugin_reset' Parameter", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d6006ffe-e2db-477f-8a9f-c0cf0434086b?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/xshare/trunk/index.php#L50"}, {"url": "https://plugins.trac.wordpress.org/browser/xshare/tags/1.0.1/index.php#L50"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "dayea song"}], "timeline": [{"time": "2026-01-06T19:39:59.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-07T14:47:06.983417Z", "id": "CVE-2025-13527", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-07T16:12:30.148Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13527", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-07T14:47:06.983417Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-07T14:47:09.195Z"}}], "cna": {"title": "xShare <= 1.0.1 - Cross-Site Request Forgery to 'rs_plugin_reset' Parameter", "credits": [{"lang": "en", "type": "finder", "value": "dayea song"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "anwerashif", "product": "xShare", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.0.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-01-06T19:39:59.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d6006ffe-e2db-477f-8a9f-c0cf0434086b?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/xshare/trunk/index.php#L50"}, {"url": "https://plugins.trac.wordpress.org/browser/xshare/tags/1.0.1/index.php#L50"}], "descriptions": [{"lang": "en", "value": "The xShare plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the 'xshare_plugin_reset()' function. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:26:15.307Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13527", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:26:15.307Z", "dateReserved": "2025-11-21T19:48:05.237Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-01-07T08:21:54.497Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The xShare plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the 'xshare_plugin_reset()' function. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}, {"lang": "es", "value": "El plugin xShare para WordPress es vulnerable a la falsificaci\u00f3n de petici\u00f3n en sitios cruzados en todas las versiones hasta la 1.0.1, inclusive. Esto se debe a la falta de validaci\u00f3n de nonce en la funci\u00f3n 'xshare_plugin_reset()'. Esto hace posible que atacantes no autenticados restablezcan la configuraci\u00f3n del plugin a trav\u00e9s de una petici\u00f3n falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."}], "id": "CVE-2025-13527", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-01-07T12:16:48.920", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/xshare/tags/1.0.1/index.php#L50"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/xshare/trunk/index.php#L50"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d6006ffe-e2db-477f-8a9f-c0cf0434086b?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T16:44:41.882956+00:00", "value": {"mitigation_remediation": ["Apply any vendor update that fixes the CSRF issue.", "If an update cannot be applied immediately, block or remove the xshare_plugin_reset endpoint using a web application firewall or deny the request in the site\u2019s .htaccess file", "Educate site administrators to avoid clicking unfamiliar links and consider implementing additional CSRF defenses such as custom nonces in all plugin actions"], "summary": {"action": "Apply Patch", "impact": "Cross\u2011Site Request Forgery that allows an unauthenticated attacker to reset plugin settings"}, "threat_synthesis": {"affected_systems": "Vendors and products affected are the xShare plugin developed by anwerashif, used in WordPress installations. All released versions up to and including 1.0.1 are vulnerable, as the CSRF check is absent in those builds.", "description_and_impact": "The xShare WordPress plugin includes a reset function that lacks a required nonce check, creating a Cross\u2011Site Request Forgery vulnerability. An attacker can fabricate a request that, when an administrator clicks a link, causes the plugin\u2019s configuration to be reset. This loss of settings can lead to loss of functionality or expose the site to further attacks if the plugin settings control security\u2011relevant parameters.", "risk_and_exploitability": "The CVSS score of 4.3 indicates a medium severity, and the EPSS score of less than 1% points to a very low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalogue. Based on the description it is inferred that the attack requires the victim to be an administrative user who is tricked into clicking a malicious link; the attacker can then trigger the reset without needing further authentication beyond the victim's session. This makes the vulnerability more exploitable in environments where administrators are not vigilant, but overall risk remains moderate due to the low availability of prepared exploit code."}}}}, "created": "2026-01-08T09:49:25.063978+00:00", "updated": "2026-04-21T16:45:15.221226+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}