{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14391", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-12-09T21:05:19.695Z", "datePublished": "2025-12-12T03:21:02.210Z", "dateUpdated": "2026-04-08T17:31:59.368Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:31:59.368Z"}, "affected": [{"vendor": "darendev", "product": "Simple Theme Changer", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Simple Theme Changer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "title": "Simple Theme Changer <= 1.0 - Cross-Site Request Forgery to Arbitrary Theme Switcher Configuration Update", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/efa9b44d-8b6c-4a11-82af-cecc2c202024?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/simple-theme-changer/tags/1.0/class_theme_changer.php#L262"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "dayea song"}], "timeline": [{"time": "2025-12-11T15:06:58.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-18T20:37:51.775530Z", "id": "CVE-2025-14391", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-18T20:38:00.775Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14391", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-18T20:37:51.775530Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-18T20:37:56.489Z"}}], "cna": {"title": "Simple Theme Changer <= 1.0 - Cross-Site Request Forgery to Arbitrary Theme Switcher Configuration Update", "credits": [{"lang": "en", "type": "finder", "value": "dayea song"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "darendev", "product": "Simple Theme Changer", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-12-11T15:06:58.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/efa9b44d-8b6c-4a11-82af-cecc2c202024?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/simple-theme-changer/tags/1.0/class_theme_changer.php#L262"}], "descriptions": [{"lang": "en", "value": "The Simple Theme Changer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:31:59.368Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14391", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:31:59.368Z", "dateReserved": "2025-12-09T21:05:19.695Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-12-12T03:21:02.210Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Simple Theme Changer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "id": "CVE-2025-14391", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-12-12T04:15:49.940", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/simple-theme-changer/tags/1.0/class_theme_changer.php#L262"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/efa9b44d-8b6c-4a11-82af-cecc2c202024?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T21:28:09.428780+00:00", "value": {"mitigation_remediation": ["Upgrade the Simple Theme Changer plugin to the latest version where nonce validation has been implemented. ", "Temporarily restrict or disable the plugin\u2019s settings page for all but the most privileged administrators until the patch is applied. ", "Use a security plugin or scanner to verify that all other plugins and WordPress core functions perform proper nonce checks, and enforce site\u2011wide CSRF protection measures."], "summary": {"action": "Patch Now", "impact": "Unauthorized configuration changes via CSRF"}, "threat_synthesis": {"affected_systems": "WordPress sites that have the Darendev Simple Theme Changer plugin installed with version 1.0 or earlier are affected. Any site administrator who accesses the plugin\u2019s settings through a forged request is at risk.", "description_and_impact": "The Simple Theme Changer plugin for WordPress lacks proper nonce validation in its configuration interface, allowing a cross\u2011site request forgery attack. An unauthenticated attacker can craft a forged request that, when a site administrator unknowingly clicks a link or visits a malicious page, updates the plugin\u2019s settings. This can alter theme selection, deactivate or enable other plugin features, or otherwise modify site appearance and behavior without the admin\u2019s knowledge.", "risk_and_exploitability": "The CVSS score of 4.3 indicates a moderate impact, and the EPSS score of less than 1% suggests a low likelihood of exploitation under normal conditions. The vulnerability is not listed in CISA\u2019s KEV catalog. The exploitation path requires the attacker to obtain a forged request and trick an administrator into executing it, making the attack vector an admin\u2011interaction CSRF scenario. While the probability is low, the impact to configuration integrity warrants prompt action."}}}}, "created": "2025-12-12T08:48:07.385471+00:00", "updated": "2026-04-20T21:30:18.592963+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}