{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-9881", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-09-02T21:45:27.693Z", "datePublished": "2025-09-12T03:22:44.713Z", "dateUpdated": "2026-04-08T17:29:58.463Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:29:58.463Z"}, "affected": [{"vendor": "jensg", "product": "Ultimate Blogroll", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.5.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Ultimate Blogroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "title": "Ultimate Blogroll <= 2.5.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e5d82cd5-42cc-412b-8026-53736680407d?source=cve"}, {"url": "https://wordpress.org/plugins/ultimate-blogroll/"}, {"url": "https://plugins.trac.wordpress.org/browser/ultimate-blogroll/tags/2.5.2/gui/Linkpartner.php#L34"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "JohSka"}], "timeline": [{"time": "2025-09-11T14:48:59.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-12T17:13:44.220555Z", "id": "CVE-2025-9881", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-12T17:13:55.722Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9881", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-12T17:13:44.220555Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-12T17:13:50.537Z"}}], "cna": {"title": "Ultimate Blogroll <= 2.5.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "credits": [{"lang": "en", "type": "finder", "value": "JohSka"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "jensg", "product": "Ultimate Blogroll", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.5.2"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-09-11T14:48:59.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e5d82cd5-42cc-412b-8026-53736680407d?source=cve"}, {"url": "https://wordpress.org/plugins/ultimate-blogroll/"}, {"url": "https://plugins.trac.wordpress.org/browser/ultimate-blogroll/tags/2.5.2/gui/Linkpartner.php#L34"}], "descriptions": [{"lang": "en", "value": "The Ultimate Blogroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:29:58.463Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9881", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:29:58.463Z", "dateReserved": "2025-09-02T21:45:27.693Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-09-12T03:22:44.713Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Ultimate Blogroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "id": "CVE-2025-9881", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-09-12T04:16:06.377", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/ultimate-blogroll/tags/2.5.2/gui/Linkpartner.php#L34"}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/ultimate-blogroll/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e5d82cd5-42cc-412b-8026-53736680407d?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T19:34:36.558532+00:00", "value": {"mitigation_remediation": ["Upgrade Ultimate Blogroll to version 2.5.3 or later, which removes the CSRF vulnerability.", "If an immediate upgrade is not possible, restrict the plugin\u2019s usage to admins who are aware of the risk and disable it for all other users.", "Implement additional CSRF protections on admin POST requests, ensuring that every state\u2011changing action validates a unique nonce tied to the current session."], "summary": {"action": "Immediate Patch", "impact": "Stored Cross\u2011Site Scripting via Cross\u2011Site Request Forgery"}, "threat_synthesis": {"affected_systems": "All versions of the Ultimate Blogroll plugin up to and including 2.5.2 performed by the vendor jensg are affected. Sites that have installed this plugin and still run 2.5.2 or earlier are at risk.", "description_and_impact": "The Ultimate Blogroll plugin for WordPress suffers from a missing or incorrectly implemented nonce validation, allowing attackers to perform Cross\u2011Site Request Forgery. An unauthenticated attacker can craft a forged request that, when a site administrator clicks a link, updates the plugin settings with arbitrary JavaScript. This stored script is executed whenever affected pages are viewed, potentially exposing admin credentials or user data to the attacker.", "risk_and_exploitability": "The CVSS score of 6.1 indicates a medium severity risk. The EPSS score of less than 1% suggests a very low current exploitation probability, and the vulnerability is not listed in CISA\u2019s KEV catalog. However, the attack vector requires only a simple social\u2011engineering click from an administrator, making exploitation plausible if a target administrator is deceived. Without mitigations, the vulnerability could result in stolen credentials or compromised user sessions caused by the injected script."}}}}, "created": "2025-09-12T08:02:30.240224+00:00", "updated": "2026-04-20T19:45:15.504745+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}