{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-9629", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-08-28T19:34:06.478Z", "datePublished": "2025-09-17T01:49:16.942Z", "dateUpdated": "2026-04-08T17:25:24.791Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:25:24.791Z"}, "affected": [{"vendor": "shenyanzhi", "product": "USS Upyun", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.5.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The USS Upyun plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This is due to missing or incorrect nonce validation on the uss_setting_page function when processing the uss_set form type. This makes it possible for unauthenticated attackers to modify critical Upyun cloud storage settings including bucket name, operator credentials, upload paths, and image processing parameters via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "title": "USS Upyun <= 1.5.0 - Cross-Site Request Forgery", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d2cee46a-03d5-4a31-ba15-28be97794199?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/uss-upyun/tags/1.5.0/upyun-uss-wordpress.php#L493"}, {"url": "https://plugins.trac.wordpress.org/browser/uss-upyun/tags/1.5.0/upyun-uss-wordpress.php#L499"}, {"url": "https://plugins.trac.wordpress.org/browser/uss-upyun/tags/1.5.1/upyun-uss-wordpress.php#L493"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Sandeep"}], "timeline": [{"time": "2025-09-16T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-17T13:09:46.988413Z", "id": "CVE-2025-9629", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-17T13:09:57.499Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9629", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-17T13:09:46.988413Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-17T13:09:53.081Z"}}], "cna": {"title": "USS Upyun <= 1.5.0 - Cross-Site Request Forgery", "credits": [{"lang": "en", "type": "finder", "value": "Sandeep"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "shenyanzhi", "product": "USS Upyun", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.5.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-09-16T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d2cee46a-03d5-4a31-ba15-28be97794199?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/uss-upyun/tags/1.5.0/upyun-uss-wordpress.php#L493"}, {"url": "https://plugins.trac.wordpress.org/browser/uss-upyun/tags/1.5.0/upyun-uss-wordpress.php#L499"}, {"url": "https://plugins.trac.wordpress.org/browser/uss-upyun/tags/1.5.1/upyun-uss-wordpress.php#L493"}], "descriptions": [{"lang": "en", "value": "The USS Upyun plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This is due to missing or incorrect nonce validation on the uss_setting_page function when processing the uss_set form type. This makes it possible for unauthenticated attackers to modify critical Upyun cloud storage settings including bucket name, operator credentials, upload paths, and image processing parameters via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-09-17T01:49:16.942Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9629", "state": "PUBLISHED", "dateUpdated": "2025-09-17T13:09:57.499Z", "dateReserved": "2025-08-28T19:34:06.478Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-09-17T01:49:16.942Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The USS Upyun plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This is due to missing or incorrect nonce validation on the uss_setting_page function when processing the uss_set form type. This makes it possible for unauthenticated attackers to modify critical Upyun cloud storage settings including bucket name, operator credentials, upload paths, and image processing parameters via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "id": "CVE-2025-9629", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-09-17T02:15:33.650", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/uss-upyun/tags/1.5.0/upyun-uss-wordpress.php#L493"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/uss-upyun/tags/1.5.0/upyun-uss-wordpress.php#L499"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/uss-upyun/tags/1.5.1/upyun-uss-wordpress.php#L493"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d2cee46a-03d5-4a31-ba15-28be97794199?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T02:53:32.111794+00:00", "value": {"mitigation_remediation": ["Update the USS Upyun plugin to version 1.5.1 or later where the nonce validation has been restored.", "Restrict access to the plugin\u2019s settings page by limiting administrative privileges to a minimal set of trusted users or applying role\u2011based access control.", "Ensure all WordPress administrator accounts use strong, unique passwords and enable two\u2011factor authentication to reduce the risk of an admin being tricked into clicking malicious links."], "summary": {"action": "Immediate Patch", "impact": "Unauthorized configuration changes via CSRF"}, "threat_synthesis": {"affected_systems": "WordPress installations that use USS Upyun plugin version 1.5.0 or earlier are affected. The vulnerability exists in all releases up to and including 1.5.0, regardless of other plugin or theme configurations, and specifically targets the settings page handling Upyun integration.", "description_and_impact": "The USS Upyun plugin for WordPress allows attackers to perform Cross\u2011Site Request Forgery because the uss_setting_page function does not correctly validate a nonce when processing the uss_set form type. An unauthenticated attacker can craft a forged request that causes an administrator, lured by a malicious link, to submit a form that changes critical Upyun cloud storage settings\u2014bucket names, operator credentials, upload paths, and image\u2011processing parameters\u2014without needing to be logged in yourself. This flaw enables an attacker to modify the cloud storage configuration of the site.", "risk_and_exploitability": "The CVSS score of 4.3 indicates moderate risk, while the EPSS score of less than 1% shows a very low likelihood of exploitation at this time. The vulnerability is not listed in CISA\u2019s KEV catalog, suggesting it is not known to be actively exploited in the wild. Likely attack vectors involve a CSRF request presented to an authenticated administrator; the attacker must convince a site admin to click a crafted link or otherwise submit the forged form. Successful exploitation allows the attacker to alter critical cloud storage settings."}}}}, "created": "2025-09-17T10:04:02.304379+00:00", "updated": "2026-04-21T03:00:06.378040+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}