{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-3870", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-04-22T14:54:45.797Z", "datePublished": "2025-04-25T08:22:13.223Z", "dateUpdated": "2026-04-08T17:01:04.270Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:01:04.270Z"}, "affected": [{"vendor": "olarmarius", "product": "1 Decembrie 1918", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.dec.2012", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The 1 Decembrie 1918 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.dec.2012. This is due to missing or incorrect nonce validation on the 1-decembrie-1918/1-decembrie-1918.php page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "title": "1 Decembrie 1918 <= 1.dec.2012 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/73f7646f-f01f-4f57-836c-e0bd04764ba9?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/1-decembrie-1918/tags/1.dec.1918/1-decembrie-1918.php"}, {"url": "https://wordpress.org/plugins/1-decembrie-1918/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "JohSka"}], "timeline": [{"time": "2025-04-24T20:01:14.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-25T14:28:15.682635Z", "id": "CVE-2025-3870", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-25T14:28:26.319Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3870", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-25T14:28:15.682635Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-25T14:28:21.549Z"}}], "cna": {"title": "1 Decembrie 1918 <= 1.dec.2012 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "credits": [{"lang": "en", "type": "finder", "value": "Johannes Skamletz"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "olarmarius", "product": "1 Decembrie 1918", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.dec.2012"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-04-24T20:01:14.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/73f7646f-f01f-4f57-836c-e0bd04764ba9?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/1-decembrie-1918/tags/1.dec.1918/1-decembrie-1918.php"}, {"url": "https://wordpress.org/plugins/1-decembrie-1918/"}], "descriptions": [{"lang": "en", "value": "The 1 Decembrie 1918 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.dec.2012. This is due to missing or incorrect nonce validation on the 1-decembrie-1918/1-decembrie-1918.php page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-04-25T08:22:13.223Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3870", "state": "PUBLISHED", "dateUpdated": "2025-04-25T14:28:26.319Z", "dateReserved": "2025-04-22T14:54:45.797Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-04-25T08:22:13.223Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The 1 Decembrie 1918 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.dec.2012. This is due to missing or incorrect nonce validation on the 1-decembrie-1918/1-decembrie-1918.php page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}, {"lang": "es", "value": "El complemento 1 de diciembre de 1918 para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 1 de diciembre de 2012 incluida. Esto se debe a la falta o a una validaci\u00f3n incorrecta del nonce en la p\u00e1gina 1-decembrie-1918/1-decembrie-1918.php. Esto permite que atacantes no autenticados actualicen la configuraci\u00f3n e inyecten scripts web maliciosos mediante una solicitud falsificada, ya que pueden enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."}], "id": "CVE-2025-3870", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-04-25T09:15:14.573", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/1-decembrie-1918/tags/1.dec.1918/1-decembrie-1918.php"}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/1-decembrie-1918/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/73f7646f-f01f-4f57-836c-e0bd04764ba9?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T21:07:22.902629+00:00", "value": {"mitigation_remediation": ["Upgrade the 1\u202fDecembrie\u202f1918 plugin to a release dated after 1.dec.2012 or any version that includes nonce validation for the settings page.", "If an upgrade is not feasible, disable or uninstall the plugin completely to eliminate the attack surface.", "Apply site\u2011wide Cross\u2011Site Request Forgery protection, such as enforcing nonces on all admin requests, and monitor administrator activity for suspicious link clicks."], "summary": {"action": "Patch Now", "impact": "Stored Cross\u2011Site Scripting via CSRF"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the WordPress plugin 1 Decembrie 1918, distributed by the vendor OlarMarius. All plugin releases with a version tag up to and including 1.dec.2012 are vulnerable, while releases newer than that date are presumably fixed. WordPress sites that have any of those versions installed are at risk.", "description_and_impact": "The 1 Decembrie 1918 plugin for WordPress contains a Cross\u2011Site Request Forgery vulnerability that allows unauthenticated attackers to forge requests to the plugin\u2019s settings page. Because the page does not include proper nonce validation, an adversary can trick a site administrator into clicking a crafted link and thereby inject malicious JavaScript that is stored in the plugin\u2019s configuration. This stored Cross\u2011Site Scripting can execute in the context of any visitor who views the affected page, potentially exposing session cookies, defacing the site or facilitating further attacks. The weakness is identified as CWE\u201179.", "risk_and_exploitability": "The CVSS base score is 6.1, reflecting a medium severity risk. The EPSS score of less than 1\u202f% indicates a very low probability of exploitation in the wild at this time, and the issue is currently not listed in the CISA KEV catalog. Nevertheless, the attack vector requires an unauthenticated attacker to obtain a forged request that the site administrator will execute; phishing or social engineering is the typical prerequisite. Because the flaw allows persistent script injection, mitigation should be treated with priority."}}}}, "created": "2026-04-21T21:15:45.448246+00:00", "updated": "2026-04-21T21:15:45.448256+00:00", "vendors": []}