{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-5926", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-06-09T14:34:21.758Z", "datePublished": "2025-06-13T01:47:48.104Z", "dateUpdated": "2026-04-08T17:03:06.531Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:03:06.531Z"}, "affected": [{"vendor": "jconti", "product": "Link Shield", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "0.5.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Link Shield plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.4. This is due to missing or incorrect nonce validation on the link_shield_menu_options() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "title": "Link Shield <= 0.5.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7e577828-4368-4781-877b-badb4dc50763?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/link-shield/trunk/link-shield.php#L24"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Nabil Irawan"}], "timeline": [{"time": "2025-06-12T13:08:29.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-13T14:03:39.865301Z", "id": "CVE-2025-5926", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-13T14:03:46.794Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-5926", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-13T14:03:39.865301Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-13T14:03:43.784Z"}}], "cna": {"title": "Link Shield <= 0.5.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "credits": [{"lang": "en", "type": "finder", "value": "Nabil Irawan"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "jconti", "product": "Link Shield", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "0.5.4"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-06-12T13:08:29.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7e577828-4368-4781-877b-badb4dc50763?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/link-shield/trunk/link-shield.php#L24"}], "descriptions": [{"lang": "en", "value": "The Link Shield plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.4. This is due to missing or incorrect nonce validation on the link_shield_menu_options() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:03:06.531Z"}}}, "cveMetadata": {"cveId": "CVE-2025-5926", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:03:06.531Z", "dateReserved": "2025-06-09T14:34:21.758Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-06-13T01:47:48.104Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Link Shield plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.4. This is due to missing or incorrect nonce validation on the link_shield_menu_options() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}, {"lang": "es", "value": "El complemento Link Shield para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 0.5.4 incluida. Esto se debe a la falta o la validaci\u00f3n incorrecta de nonce en la funci\u00f3n link_shield_menu_options(). Esto permite que atacantes no autenticados actualicen la configuraci\u00f3n e inyecten scripts web maliciosos mediante una solicitud falsificada, ya que pueden enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."}], "id": "CVE-2025-5926", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-06-13T03:15:52.607", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/link-shield/trunk/link-shield.php#L24"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7e577828-4368-4781-877b-badb4dc50763?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T20:18:59.483448+00:00", "value": {"mitigation_remediation": ["Upgrade the Link Shield plugin to the latest version that includes the nonce validation fix, or remove the plugin entirely if an update is not yet available.", "If an upgrade cannot be applied immediately, disable the link_shield_menu_options endpoint or disable the plugin to block the CSRF vector until the patch is released.", "Audit other plugins and core site functionality to ensure that state\u2011changing requests are protected with proper nonces, and consider deploying a site\u2011wide CSRF protection plugin to enforce this requirement across all endpoints."], "summary": {"action": "Immediate Patch", "impact": "Stored XSS via CSRF"}, "threat_synthesis": {"affected_systems": "The vulnerability affects all versions of Link Shield by jconti up to and including 0.5.4, which is used within WordPress installations.", "description_and_impact": "The Link Shield plugin for WordPress contains a Cross\u2011Site Request Forgery flaw caused by missing or incorrect nonce validation in the link_shield_menu_options() function. An unauthenticated attacker who can entice a site administrator to click a crafted link can change plugin settings and inject malicious scripts that are stored in the site. The resulting Stored Cross\u2011Site Scripting allows the attacker to run arbitrary code in the browsers of all visitors, compromising confidentiality and integrity of site data.", "risk_and_exploitability": "The CVSS score of 6.1 indicates moderate severity. The EPSS score of less than 1% suggests a low probability of exploitation at the time of analysis, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires the attacker to trick an administrator into clicking a forged request; no remote code execution or elevated privileges are required beyond the compromised admin account."}}}}, "created": "2026-04-21T20:30:27.395294+00:00", "updated": "2026-04-21T20:30:27.395311+00:00", "vendors": []}