{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-9620", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-08-28T18:53:51.346Z", "datePublished": "2025-09-11T07:24:59.771Z", "dateUpdated": "2026-04-08T17:25:17.433Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:25:17.433Z"}, "affected": [{"vendor": "edsteep", "product": "Seo Monster", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.3.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Seo Monster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.3. This is due to missing or incorrect nonce validation on the check_integration() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "title": "Seo Monster <= 3.3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d224151c-0fe2-4032-a847-39628cc2f520?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/seo-monster/trunk/tpl/integration.php#L42"}, {"url": "https://plugins.trac.wordpress.org/browser/seo-monster/trunk/inc/class_seo_monster_ui.php#L69"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Sandeep"}], "timeline": [{"time": "2025-09-10T18:50:58.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-11T13:34:43.441569Z", "id": "CVE-2025-9620", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-11T14:37:48.357Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9620", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-11T13:34:43.441569Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-11T13:34:45.671Z"}}], "cna": {"title": "Seo Monster <= 3.3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "credits": [{"lang": "en", "type": "finder", "value": "Sandeep"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "edsteep", "product": "Seo Monster", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.3.3"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-09-10T18:50:58.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d224151c-0fe2-4032-a847-39628cc2f520?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/seo-monster/trunk/tpl/integration.php#L42"}, {"url": "https://plugins.trac.wordpress.org/browser/seo-monster/trunk/inc/class_seo_monster_ui.php#L69"}], "descriptions": [{"lang": "en", "value": "The Seo Monster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.3. This is due to missing or incorrect nonce validation on the check_integration() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:25:17.433Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9620", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:25:17.433Z", "dateReserved": "2025-08-28T18:53:51.346Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-09-11T07:24:59.771Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Seo Monster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.3. This is due to missing or incorrect nonce validation on the check_integration() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "id": "CVE-2025-9620", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-09-11T08:15:37.210", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/seo-monster/trunk/inc/class_seo_monster_ui.php#L69"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/seo-monster/trunk/tpl/integration.php#L42"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d224151c-0fe2-4032-a847-39628cc2f520?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T19:37:38.842041+00:00", "value": {"mitigation_remediation": ["Upgrade the Seo Monster plugin to version 3.3.4 or later, which restores proper nonce validation for the check_integration endpoint.", "Block or restrict the check_integration endpoint for unauthenticated users using a web\u2011application firewall or security plugin, preventing forged requests from being processed.", "Advise administrators to verify the source of links before clicking, especially from unfamiliar or external sites, to reduce the risk of successful social\u2011engineering attacks."], "summary": {"action": "Patch Now", "impact": "Cross\u2011Site Request Forgery leading to stored cross\u2011site scripting"}, "threat_synthesis": {"affected_systems": "All WordPress sites running the Seo Monster plugin up to and including version 3.3.3 are affected. The plugin, provided by edsteep:<Seo Monster>, is designed to integrate SEO features; users who have installed any prior to 3.3.4 remain vulnerable.", "description_and_impact": "The Seo Monster WordPress plugin accepts requests to the check_integration() function without properly validating a nonce, enabling an attacker to forge a request that updates plugin settings and injects malicious scripts. This flaw allows an unauthenticated attacker to trick a privileged administrator into executing a link, after which the attacker can store scripts that will run in the context of any site visitor, compromising confidentiality and integrity of the website\u2019s content. The vulnerability is classified as a CSRF (CWE\u2011352), resulting in a medium\u2011severity risk.", "risk_and_exploitability": "The CVSS score of 6.1 reflects a medium impact that is attainable through social\u2011engineering in a non\u2011authenticated context. With an EPSS score of less than 1%, the likelihood of opportunistic exploitation is low, and the vulnerability is not listed in the CISA KEV catalog. Nonetheless, the attack path is clear: an attacker crafts a forged request, bypasses nonce checks, changes a setting to contain a malicious script, and lures an administrator into triggering the request. Once executed, the injected script is stored and served to all site visitors, potentially enabling phishing, data theft, or further site compromise."}}}}, "created": "2025-09-12T08:03:05.311410+00:00", "updated": "2026-04-20T19:45:15.506606+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}