{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-9889", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-09-02T22:28:51.838Z", "datePublished": "2025-10-03T11:17:19.123Z", "dateUpdated": "2026-04-08T17:13:21.694Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:13:21.694Z"}, "affected": [{"vendor": "contentmx", "product": "ContentMX Content Publisher", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0.6", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The ContentMX Content Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the cmx_activate_connection function. This makes it possible for unauthenticated attackers to bind their own ContentMX connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "title": "ContentMX Content Publisher <= 1.0.6 - Cross-Site Request Forgery", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a5dd354f-080f-4be9-837e-eed48037f140?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/contentmx-content-publisher/tags/1.0.6/inc/admin.php#L7"}, {"url": "https://plugins.trac.wordpress.org/browser/contentmx-content-publisher/tags/1.0.7/inc/admin.php#L7"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Jonas Benjamin Friedli"}], "timeline": [{"time": "2025-10-02T22:17:44.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-03T14:03:41.024777Z", "id": "CVE-2025-9889", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-03T14:03:49.950Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9889", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-03T14:03:41.024777Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-03T14:03:45.689Z"}}], "cna": {"title": "ContentMX Content Publisher <= 1.0.6 - Cross-Site Request Forgery", "credits": [{"lang": "en", "type": "finder", "value": "Jonas Benjamin Friedli"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "contentmx", "product": "ContentMX Content Publisher", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.0.6"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-10-02T22:17:44.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a5dd354f-080f-4be9-837e-eed48037f140?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/contentmx-content-publisher/tags/1.0.6/inc/admin.php#L7"}, {"url": "https://plugins.trac.wordpress.org/browser/contentmx-content-publisher/tags/1.0.7/inc/admin.php#L7"}], "descriptions": [{"lang": "en", "value": "The ContentMX Content Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the cmx_activate_connection function. This makes it possible for unauthenticated attackers to bind their own ContentMX connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:13:21.694Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9889", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:13:21.694Z", "dateReserved": "2025-09-02T22:28:51.838Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-10-03T11:17:19.123Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The ContentMX Content Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the cmx_activate_connection function. This makes it possible for unauthenticated attackers to bind their own ContentMX connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "id": "CVE-2025-9889", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-10-03T12:15:50.140", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/contentmx-content-publisher/tags/1.0.6/inc/admin.php#L7"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/contentmx-content-publisher/tags/1.0.7/inc/admin.php#L7"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a5dd354f-080f-4be9-837e-eed48037f140?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T19:23:37.453928+00:00", "value": {"mitigation_remediation": ["Update the ContentMX Content Publisher plugin to version\u00a01.0.7 or later to remove the CSRF flaw. ", "Survey all managed WordPress sites to confirm no installation of the vulnerable 1.0.6 or earlier plugin remains. ", "If the patch cannot be applied immediately, disable or remove the ContentMX Content Publisher plugin until the update is installed to prevent the attack vector."], "summary": {"action": "Patch", "impact": "Cross\u2011Site Request Forgery (CSRF)"}, "threat_synthesis": {"affected_systems": "All installations of the ContentMX Content Publisher plugin for WordPress with version 1.0.6 or earlier are affected. The vulnerability applies to the plugin as distributed under the vendor contentmx:ContentMX Content Publisher.", "description_and_impact": "The ContentMX Content Publisher plugin contains a CSRF flaw caused by missing or incorrect nonce validation in the cmx_activate_connection action. This permits an unauthenticated attacker to trigger the action by causing a site administrator to click a crafted link. The result is that the attacker can bind their own ContentMX connection to the vulnerable site, potentially allowing unauthorized configuration or content manipulation. The weakness is classified as CWE\u2011352 and can compromise the integrity of the site\u2019s plugin configuration, and potentially expose sensitive management data.", "risk_and_exploitability": "The CVSS score of 4.3 indicates a moderate severity. The EPSS score of less than 1\u202f% suggests a low probability of exploitation at present, and the vulnerability is not listed in the CISA KEV catalog. A likely attack path involves an attacker tricking an administrator into visiting a malicious link that submits the forged request. Successful exploitation would alter the plugin configuration without requiring the administrator\u2019s credentials."}}}}, "created": "2025-10-06T14:43:08.364684+00:00", "updated": "2026-04-20T19:30:06.166483+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}