{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-9627", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-08-28T19:25:26.321Z", "datePublished": "2025-09-11T07:24:56.522Z", "dateUpdated": "2026-04-08T17:05:51.352Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:05:51.352Z"}, "affected": [{"vendor": "izem", "product": "Run Log", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.7.10", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Run Log plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.10. This is due to missing or incorrect nonce validation on the oirl_plugin_options function. This makes it possible for unauthenticated attackers to modify plugin settings including distance units, pace display preferences, style themes, and display positions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "title": "Run Log <= 1.7.10 - Cross-Site Request Forgery to Settings Update", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8b9ba35b-5ef8-4170-97f4-400fe9bd3af2?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/run-log/trunk/run-log.php#L143"}, {"url": "https://plugins.trac.wordpress.org/changeset/3361381/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Sandeep"}], "timeline": [{"time": "2025-09-10T18:53:02.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-11T13:46:07.224507Z", "id": "CVE-2025-9627", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-11T14:38:59.031Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9627", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-11T13:46:07.224507Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-11T13:46:09.103Z"}}], "cna": {"title": "Run Log <= 1.7.10 - Cross-Site Request Forgery to Settings Update", "credits": [{"lang": "en", "type": "finder", "value": "Sandeep"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "izem", "product": "Run Log", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.7.10"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-09-10T18:53:02.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8b9ba35b-5ef8-4170-97f4-400fe9bd3af2?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/run-log/trunk/run-log.php#L143"}], "descriptions": [{"lang": "en", "value": "The Run Log plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.10. This is due to missing or incorrect nonce validation on the oirl_plugin_options function. This makes it possible for unauthenticated attackers to modify plugin settings including distance units, pace display preferences, style themes, and display positions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-09-11T07:24:56.522Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9627", "state": "PUBLISHED", "dateUpdated": "2025-09-11T14:38:59.031Z", "dateReserved": "2025-08-28T19:25:26.321Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-09-11T07:24:56.522Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Run Log plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.10. This is due to missing or incorrect nonce validation on the oirl_plugin_options function. This makes it possible for unauthenticated attackers to modify plugin settings including distance units, pace display preferences, style themes, and display positions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "id": "CVE-2025-9627", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-09-11T08:15:37.597", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/run-log/trunk/run-log.php#L143"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3361381/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8b9ba35b-5ef8-4170-97f4-400fe9bd3af2?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T19:05:46.687854+00:00", "value": {"mitigation_remediation": ["Update the Run Log plugin to a version newer than 1.7.10 that applies the missing nonce validation.", "If an immediate update is unavailable, block external access to the oirl_plugin_options endpoint using a web application firewall or reverse proxy rule that requires a valid CSRF token or a custom header.", "For long\u2011term security, audit all plugins for non\u2011validated state\u2011changing endpoints and ensure proper nonce usage on every such action."], "summary": {"action": "Update", "impact": "Cross\u2011Site Request Forgery that permits unauthenticated users to alter plugin settings"}, "threat_synthesis": {"affected_systems": "The affected product is the \"Run Log\" plugin developed by izem for WordPress. All versions up to and including 1.7.10 contain the flaw; later releases contain a fix that implements proper nonce validation for the settings update endpoint.", "description_and_impact": "The Run Log plugin for WordPress allows an attacker to issue forged HTTP requests that modify configuration options such as distance units, pace display, theme style, and display positions. The vulnerability arises because the oirl_plugin_options function either omits or incorrectly verifies the required nonce. Unlike a true remote code execution flaw, this weakness does not directly expose code execution but enables an unauthenticated user to modify a site\u2019s presentation and behavior by tricking an administrator into approving a malicious link or form submission.", "risk_and_exploitability": "The CVSS score of 4.3 places this issue at a moderate severity level. An EPSS score of less than 1% reflects a very low estimated exploitation probability. The vulnerability is not listed in CISA\u2019s KEV catalog. Attackers can exploit the flaw by inducing an administrator to access a crafted link or button that submits a state\u2011changing request without a valid nonce, thereby changing the plugin\u2019s options. Based on the description, it is inferred that the attacker does not need to be authenticated; the exploit depends on a legitimate administrator\u2019s session and cannot be triggered by an arbitrary visitor. While the impact is limited to configuration data, it can degrade user experience or create a vector for suspicious thematic changes, so timely remediation is recommended."}}}}, "created": "2025-09-12T08:03:05.648033+00:00", "updated": "2026-04-21T19:15:26.031415+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}