{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-4194", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-05-01T13:10:20.872Z", "datePublished": "2025-05-17T03:24:50.522Z", "dateUpdated": "2026-04-08T17:17:37.471Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:17:37.471Z"}, "affected": [{"vendor": "alti5", "product": "AlT Monitoring", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The AlT Monitoring plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the 'ALT_Monitoring_edit' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "title": "AlT Monitoring <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b7290317-418d-4e5c-85fa-f931cc4a865b?source=cve"}, {"url": "https://wordpress.org/plugins/alt-monitoring/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "JohSka"}], "timeline": [{"time": "2025-05-16T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-19T15:39:03.483678Z", "id": "CVE-2025-4194", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-19T15:39:09.725Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4194", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-19T15:39:03.483678Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-19T15:39:07.023Z"}}], "cna": {"title": "AlT Monitoring <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "credits": [{"lang": "en", "type": "finder", "value": "JohSka"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "alti5", "product": "AlT Monitoring", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.0.3"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-05-16T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b7290317-418d-4e5c-85fa-f931cc4a865b?source=cve"}, {"url": "https://wordpress.org/plugins/alt-monitoring/"}], "descriptions": [{"lang": "en", "value": "The AlT Monitoring plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the 'ALT_Monitoring_edit' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:17:37.471Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4194", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:17:37.471Z", "dateReserved": "2025-05-01T13:10:20.872Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-05-17T03:24:50.522Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The AlT Monitoring plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the 'ALT_Monitoring_edit' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}, {"lang": "es", "value": "El complemento AlT Monitoring para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 1.0.3 incluida. Esto se debe a la falta o la validaci\u00f3n incorrecta de nonce en la p\u00e1gina \"ALT_Monitoring_edit\". Esto permite que atacantes no autenticados actualicen la configuraci\u00f3n e inyecten scripts web maliciosos mediante una solicitud falsificada, ya que pueden enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."}], "id": "CVE-2025-4194", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-05-17T04:16:20.320", "references": [{"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/alt-monitoring/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b7290317-418d-4e5c-85fa-f931cc4a865b?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T20:46:24.620316+00:00", "value": {"mitigation_remediation": ["Update the AlT Monitoring plugin to the latest version that includes the CSRF validation fix.", "If a patch is not yet available, disable the plugin or restrict its use to the most trusted administrators until the fix is applied.", "Add site\u2011wide anti\u2011CSRF measures such as enforcing valid nonces on all admin actions, or employ a security plugin that checks for CSRF tokens.", "Regularly review WordPress security advisories for this plugin and apply any new patches as soon as they are released."], "summary": {"action": "Immediate Update", "impact": "Stored Cross\u2011Site Scripting via CSRF"}, "threat_synthesis": {"affected_systems": "WordPress sites that have installed AlT Monitoring version 1.0.3 or earlier. The plugin is distributed by the vendor alti5 and is installed as a standard WordPress plugin.", "description_and_impact": "The AlT Monitoring plugin for WordPress fails to validate nonces on the admin edit page, enabling an unauthenticated attacker to forge a request that updates the settings. Once the admin is tricked into submitting the forged request, malicious scripts can be injected into the plugin settings and subsequently executed in the browsers of any visitor to the site, leading to stored cross\u2011site scripting. The vulnerability itself is a classic CSRF condition exploiting missing or incorrect protection on a state\u2011changing endpoint.", "risk_and_exploitability": "The CVSS score of 6.1 indicates moderate severity, while the EPSS score of less than 1% suggests the probability of active exploitation is low at the moment. The vulnerability is not listed in CISA KEV, and because an attacker can inject scripts that execute in visitors' browsers, the primary threat is stored cross\u2011site scripting. The path of exploitation requires user interaction \u2013 the target admin must click a link or button that contains the forged request \u2013 which, once executed, can lead to potential confidentiality and integrity impacts (inferred) because injected scripts could exfiltrate data or alter displayed content."}}}}, "created": "2026-04-21T21:00:35.996472+00:00", "updated": "2026-04-21T21:00:35.996482+00:00", "vendors": []}