{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-9625", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-08-28T19:12:46.528Z", "datePublished": "2025-11-18T08:27:31.753Z", "dateUpdated": "2026-04-08T16:50:46.791Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:50:46.791Z"}, "affected": [{"vendor": "interledger", "product": "Coil Web Monetization", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.0.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Coil Web Monetization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the coil-get-css-selector parameter handling in the maybe_restrict_content function. This makes it possible for unauthenticated attackers to trigger CSS selector detection functionality via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "title": "Coil Web Monetization <= 2.0.2 - Cross-Site Request Forgery", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4aa4cb93-7af3-4427-a17f-160b27fcebb8?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/coil-web-monetization/tags/2.0.2/includes/functions.php#L48"}, {"url": "https://plugins.trac.wordpress.org/browser/coil-web-monetization/tags/2.0.2/includes/gating/functions.php#L202"}, {"url": "https://plugins.trac.wordpress.org/browser/coil-web-monetization/tags/2.0.2/includes/gating/functions.php#L195"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Sandeep"}], "timeline": [{"time": "2025-11-17T20:18:18.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-18T15:42:17.670687Z", "id": "CVE-2025-9625", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-18T15:42:27.177Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9625", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-18T15:42:17.670687Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-18T15:42:21.625Z"}}], "cna": {"title": "Coil Web Monetization <= 2.0.2 - Cross-Site Request Forgery", "credits": [{"lang": "en", "type": "finder", "value": "Sandeep"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "interledger", "product": "Coil Web Monetization", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "2.0.2"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-11-17T20:18:18.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4aa4cb93-7af3-4427-a17f-160b27fcebb8?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/coil-web-monetization/tags/2.0.2/includes/functions.php#L48"}, {"url": "https://plugins.trac.wordpress.org/browser/coil-web-monetization/tags/2.0.2/includes/gating/functions.php#L202"}, {"url": "https://plugins.trac.wordpress.org/browser/coil-web-monetization/tags/2.0.2/includes/gating/functions.php#L195"}], "descriptions": [{"lang": "en", "value": "The Coil Web Monetization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the coil-get-css-selector parameter handling in the maybe_restrict_content function. This makes it possible for unauthenticated attackers to trigger CSS selector detection functionality via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-11-18T08:27:31.753Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9625", "state": "PUBLISHED", "dateUpdated": "2025-11-18T15:42:27.177Z", "dateReserved": "2025-08-28T19:12:46.528Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-11-18T08:27:31.753Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Coil Web Monetization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the coil-get-css-selector parameter handling in the maybe_restrict_content function. This makes it possible for unauthenticated attackers to trigger CSS selector detection functionality via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "id": "CVE-2025-9625", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-11-18T09:15:53.850", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/coil-web-monetization/tags/2.0.2/includes/functions.php#L48"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/coil-web-monetization/tags/2.0.2/includes/gating/functions.php#L195"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/coil-web-monetization/tags/2.0.2/includes/gating/functions.php#L202"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4aa4cb93-7af3-4427-a17f-160b27fcebb8?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T18:18:56.656401+00:00", "value": {"mitigation_remediation": ["Upgrade the Coil Web Monetization plugin to the latest version that includes proper nonce validation for the coil\u2011get\u2011css\u2011selector action.", "If an upgrade is not immediately possible, temporarily disable the Coil Web Monetization plugin or remove the coil\u2011get\u2011css\u2011selector functionality until a patch is available.", "Implement additional safeguards for administrator accounts, such as two\u2011factor authentication and IP\u2011based restrictions, to reduce the success rate of the social\u2011engineering component of the attack."], "summary": {"action": "Apply Patch", "impact": "Unauthorized Action Execution via CSRF"}, "threat_synthesis": {"affected_systems": "Vendors: interledger; Product: Coil Web Monetization WordPress plugin. All versions up to and including 2.0.2 are affected. No further sub\u2011version detail is supplied.", "description_and_impact": "The Coil Web Monetization plugin for WordPress contains a Cross\u2011Site Request Forgery flaw caused by missing or incorrect nonce validation on the coil\u2011get\u2011css\u2011selector parameter in the maybe_restrict_content function. An unauthenticated attacker can forge a request that triggers the CSS selector detection routine when a site administrator clicks a malicious link, allowing the attacker to invoke functionality the admin did not intend to execute. The flaw does not provide direct code execution or data disclosure but enables unauthorized action execution on the site.", "risk_and_exploitability": "The CVSS score of 4.3 indicates a moderate impact, and the EPSS score of less than 1% implies a very low probability of exploitation at this time. The flaw is listed as not in the CISA KEV catalog. Exploitation requires a social engineering attack that convinces an administrator to visit a crafted URL, a typical CSRF scenario. The attack vector is remote via HTTP, and no local privilege escalation is required."}}}}, "created": "2025-11-18T14:15:55.673829+00:00", "updated": "2026-04-21T18:30:27.579643+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}