{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-9894", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-09-02T23:10:18.408Z", "datePublished": "2025-09-27T06:47:14.091Z", "dateUpdated": "2026-04-08T16:46:31.500Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:46:31.500Z"}, "affected": [{"vendor": "cristianr909090", "product": "Sync Feedly", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Sync Feedly plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the crsf_cron_job_func function. This makes it possible for unauthenticated attackers to trigger content synchronization from Feedly, potentially creating multiple posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "title": "Sync Feedly <= 1.0.1 - Cross-Site Request Forgery to Sync Trigger", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3889aa6f-987a-4a2d-80fd-28628a6ed287?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/sync-feedly/trunk/sync-feedly.php#L156"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Nabil Irawan"}], "timeline": [{"time": "2025-09-26T18:34:19.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-29T19:06:19.406835Z", "id": "CVE-2025-9894", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-29T19:06:28.278Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9894", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-29T19:06:19.406835Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-29T19:06:24.567Z"}}], "cna": {"title": "Sync Feedly <= 1.0.1 - Cross-Site Request Forgery to Sync Trigger", "credits": [{"lang": "en", "type": "finder", "value": "Nabil Irawan"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "cristianr909090", "product": "Sync Feedly", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.0.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-09-26T18:34:19.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3889aa6f-987a-4a2d-80fd-28628a6ed287?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/sync-feedly/trunk/sync-feedly.php#L156"}], "descriptions": [{"lang": "en", "value": "The Sync Feedly plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the crsf_cron_job_func function. This makes it possible for unauthenticated attackers to trigger content synchronization from Feedly, potentially creating multiple posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:46:31.500Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9894", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:46:31.500Z", "dateReserved": "2025-09-02T23:10:18.408Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-09-27T06:47:14.091Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Sync Feedly plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the crsf_cron_job_func function. This makes it possible for unauthenticated attackers to trigger content synchronization from Feedly, potentially creating multiple posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "id": "CVE-2025-9894", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-09-27T07:15:34.457", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/sync-feedly/trunk/sync-feedly.php#L156"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3889aa6f-987a-4a2d-80fd-28628a6ed287?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T02:45:21.022426+00:00", "value": {"mitigation_remediation": ["Update the Sync Feedly plugin to a version newer than 1.0.1 where the CSRF validation is fixed.", "Configure a security plugin or custom code to enforce nonce verification on all admin actions or block cross\u2011site requests to the sync trigger endpoint.", "Instruct site administrators to exercise caution with unfamiliar links and avoid clicking suspicious URLs that could trigger unintended content synchronization."], "summary": {"action": "Assess Impact", "impact": "Cross\u2011Site Request Forgery that enables unauthenticated attackers to trigger content synchronization and potentially create posts"}, "threat_synthesis": {"affected_systems": "WordPress sites running the Sync Feedly plugin from cristianr909090, versions up to and including 1.0.1, are affected.", "description_and_impact": "The Sync Feedly plugin for WordPress includes a missing or incorrect nonce validation in the crsf_cron_job_func function. This flaw allows an attacker to forge a request that triggers a content synchronization operation. If an administrator falls for a crafted link, the plugin may create multiple posts automatically, leading to spam or unwanted content on the site. The vulnerability does not grant arbitrary code execution, but it does permit unauthenticated creation of content through an administrator\u2019s session.", "risk_and_exploitability": "The CVSS score of 4.3 indicates a moderate impact. The EPSS score of <1% suggests low current exploitation probability, and the vulnerability is not listed in CISA\u2019s KEV catalog. Exploitation requires a cross\u2011site request where an administrator is authenticated, and an attacker lures the admin to click a malicious link. The attack vector is user interaction, making it less likely to be automated but still feasible if phishing or social engineering succeeds."}}}}, "created": "2025-09-29T09:29:47.371666+00:00", "updated": "2026-04-21T02:45:25.958726+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}