{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-6781", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-06-27T12:07:46.189Z", "datePublished": "2025-07-18T04:23:03.205Z", "dateUpdated": "2026-04-08T17:32:29.584Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:32:29.584Z"}, "affected": [{"vendor": "ryanfaber", "product": "Copymatic \u2013 AI Content Writer & Generator", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Copymatic \u2013 AI Content Writer & Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on the 'copymatic-menu' page. This makes it possible for unauthenticated attackers to update the copymatic_apikey option via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "title": "Copymatic \u2013 AI Content Writer & Generator <= 2.1 - Cross-Site Request Forgery to Settings Update", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f18b1276-3f43-447d-8251-095c2dd57938?source=cve"}, {"url": "https://wordpress.org/plugins/copymatic/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Jonas Benjamin Friedli"}], "timeline": [{"time": "2025-07-17T16:19:57.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-18T14:46:45.968716Z", "id": "CVE-2025-6781", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-18T14:56:32.945Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6781", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-18T14:46:45.968716Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-18T14:54:35.560Z"}}], "cna": {"title": "Copymatic \u2013 AI Content Writer & Generator <= 2.1 - Cross-Site Request Forgery to Settings Update", "credits": [{"lang": "en", "type": "finder", "value": "Jonas Benjamin Friedli"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "ryanfaber", "product": "Copymatic \u2013 AI Content Writer & Generator", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-07-17T16:19:57.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f18b1276-3f43-447d-8251-095c2dd57938?source=cve"}, {"url": "https://wordpress.org/plugins/copymatic/"}], "descriptions": [{"lang": "en", "value": "The Copymatic \u2013 AI Content Writer & Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on the 'copymatic-menu' page. This makes it possible for unauthenticated attackers to update the copymatic_apikey option via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:32:29.584Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6781", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:32:29.584Z", "dateReserved": "2025-06-27T12:07:46.189Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-07-18T04:23:03.205Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Copymatic \u2013 AI Content Writer & Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on the 'copymatic-menu' page. This makes it possible for unauthenticated attackers to update the copymatic_apikey option via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}, {"lang": "es", "value": "El complemento Copymatic \u2013 AI Content Writer &amp; Generator para WordPress es vulnerable a cross-site request forgery en todas las versiones hasta la 2.1 incluida. Esto se debe a la falta o a una validaci\u00f3n de nonce incorrecta en la p\u00e1gina \"copymatic-menu\". Esto permite que atacantes no autenticados actualicen la opci\u00f3n copymatic_apikey mediante una solicitud falsificada, lo que les permite enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."}], "id": "CVE-2025-6781", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-07-18T05:15:31.950", "references": [{"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/copymatic/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f18b1276-3f43-447d-8251-095c2dd57938?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T22:14:05.333868+00:00", "value": {"mitigation_remediation": ["Update Copymatic to a version newer than 2.1 where the nonce check is properly implemented.", "If an update is not immediately feasible, restrict access to the settings page or temporarily disable the copymatic_apikey option to prevent unauthorized changes.", "Verify that nonce validation is present on all future settings changes and consider adding an additional verification layer such as checking user capabilities or implementing a custom CSRF token."], "summary": {"action": "Apply Patch", "impact": "Unauthorized configuration change via CSRF"}, "threat_synthesis": {"affected_systems": "All versions of the Copymatic \u2013 AI Content Writer & Generator plugin from ryanfaber up to and including 2.1 are affected. Administrators using these releases should verify the installed version and apply fixes when available.", "description_and_impact": "The Copymatic \u2013 AI Content Writer & Generator plugin for WordPress contains a Cross\u2011Site Request Forgery flaw that bypasses nonce validation on the settings page. A forged request can alter the copymatic_apikey option without authentication, allowing an attacker to compromise the API key used for content generation. This vulnerability is identified as a CWE\u2011352 type flaw with a CVSS score of 4.3, indicating low\u2011to\u2011medium severity.", "risk_and_exploitability": "The flaw offers a low\u2011probability attack vector that requires only an unauthenticated attacker to lure a site administrator into clicking a forged link. Because the EPSS score is below 1\u202f% and the vulnerability is not listed in CISA's KEV catalog, the likelihood of widespread exploitation is currently low. Nonetheless, the potential to compromise the API key warrants prompt attention."}}}}, "created": "2026-04-20T22:15:06.200641+00:00", "updated": "2026-04-20T22:15:06.200659+00:00", "vendors": []}