{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-8104", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-07-23T22:34:10.659Z", "datePublished": "2025-07-27T04:23:39.777Z", "dateUpdated": "2026-04-08T17:23:33.474Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:23:33.474Z"}, "affected": [{"vendor": "sminozzi", "product": "Memory Usage, Memory Limit, PHP and Server Memory Health Check and Provide Suggestions", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.98", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Memory Usage plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.98. This is due to missing nonce validation in the wpmemory_install_plugin() function. This makes it possible for unauthenticated attackers to silently install one of the several whitelisted plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "title": "Memory Usage <= 3.98 - Cross-Site Request Forgery to Limited Plugin Installation via wpmemory_install_plugin Function", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cbaf06b2-9ac3-4882-9212-fdcecdc5fb8c?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-memory/tags/3.98/wpmemory.php#L376"}, {"url": "https://wordpress.org/plugins/wp-memory/#developers"}, {"url": "https://plugins.trac.wordpress.org/changeset/3333316"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "wesley"}], "timeline": [{"time": "2025-07-24T06:40:43.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-07-26T16:22:38.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-28T14:57:59.456435Z", "id": "CVE-2025-8104", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-28T14:58:10.995Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8104", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-28T14:57:59.456435Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-28T14:58:03.250Z"}}], "cna": {"title": "Memory Usage <= 3.98 - Cross-Site Request Forgery to Limited Plugin Installation via wpmemory_install_plugin Function", "credits": [{"lang": "en", "type": "finder", "value": "wesley"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "sminozzi", "product": "Memory Usage, Memory Limit, PHP and Server Memory Health Check and Provide Suggestions", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.98"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-07-24T06:40:43.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-07-26T16:22:38.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cbaf06b2-9ac3-4882-9212-fdcecdc5fb8c?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-memory/tags/3.98/wpmemory.php#L376"}, {"url": "https://wordpress.org/plugins/wp-memory/#developers"}, {"url": "https://plugins.trac.wordpress.org/changeset/3333316"}], "descriptions": [{"lang": "en", "value": "The Memory Usage plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.98. This is due to missing nonce validation in the wpmemory_install_plugin() function. This makes it possible for unauthenticated attackers to silently install one of the several whitelisted plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:23:33.474Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8104", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:23:33.474Z", "dateReserved": "2025-07-23T22:34:10.659Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-07-27T04:23:39.777Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Memory Usage plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.98. This is due to missing nonce validation in the wpmemory_install_plugin() function. This makes it possible for unauthenticated attackers to silently install one of the several whitelisted plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}, {"lang": "es", "value": "El complemento Memory Usage para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 3.98 incluida. Esto se debe a la falta de validaci\u00f3n de \"nonce\" en la funci\u00f3n wpmemory_install_plugin(). Esto permite que atacantes no autenticados instalen silenciosamente uno de los complementos de la lista blanca mediante una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."}], "id": "CVE-2025-8104", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-07-27T05:15:29.950", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wp-memory/tags/3.98/wpmemory.php#L376"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3333316"}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/wp-memory/#developers"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cbaf06b2-9ac3-4882-9212-fdcecdc5fb8c?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T22:06:12.163337+00:00", "value": {"mitigation_remediation": ["Upgrade the Memory Usage plugin to a version that implements nonce validation in the wpmemory_install_plugin() function (any release newer than 3.98).", "Confirm that no CSRF protection remains missing by reviewing the updated code for defensive checks before processing install requests.", "Restrict administrative access to trusted users, enforce strong credentials, and enable two\u2011factor authentication to reduce the chance that a site administrator will be tricked into executing forged requests."], "summary": {"action": "Update Plugin", "impact": "Unauthenticated plugin installation via CSRF"}, "threat_synthesis": {"affected_systems": "The affected product is the Memory Usage, Memory Limit, PHP and Server Memory Health Check and Provide Suggestions plugin for WordPress, all versions up to and including 3.98.", "description_and_impact": "The Memory Usage plugin for WordPress is affected by a missing nonce validation in its wpmemory_install_plugin() function. This flaw allows an unauthenticated attacker to perform a cross\u2011site request forgery, causing the plugin to silently install whitelisted plugins when a site administrator is tricked into clicking a forged link. The result is an unauthorized plugin installation, and the vulnerability carries a CVSS score of 4.3.", "risk_and_exploitability": "The EPSS score is below 1%, indicating a small chance of exploitation, and the vulnerability is not listed in CISA\u2019s KEV catalog. The likely attack vector is a CSRF scenario that requires an attacker to prompt a site administrator to visit a malicious link; the absence of a nonce check makes the request accept without authentication. Because the flaw only permits plugin installation within a whitelist, the scope of damage is limited to the installation of approved plugins."}}}}, "created": "2025-07-28T12:45:51.387371+00:00", "updated": "2026-04-20T22:15:06.189532+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}