Description
Cross-Site Request Forgery (CSRF) vulnerability in stesvis Frontpage category filter frontpage-category-filter allows Cross Site Request Forgery.This issue affects Frontpage category filter: from n/a through <= 1.0.2.
Published: 2025-03-11
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The stesvis Frontpage category filter plugin contains a CSRF flaw that allows an attacker to submit requests to the plugin’s functionalities without the victim’s consent. This vulnerability could enable unauthorized modification of the plugin’s behavior, potentially affecting data exposed by the plugin. The weakness is identified as CWE‑352.

Affected Systems

Any WordPress site running the Frontpage category filter plugin version 1.0.2 or earlier is affected, as the vulnerability applies to all releases up to and including 1.0.2.

Risk and Exploitability

The CVSS score of 4.3 indicates moderate risk, and the EPSS score of less than 1% suggests a low probability of exploitation at present. The vulnerability is not listed in CISA’s KEV catalog. The CVE description does not detail specific attack conditions or prerequisites; it merely states the existence of a CSRF flaw. Typical CSRF attacks would require the victim to be authenticated and to visit a crafted URL, but this is not explicitly confirmed in the supplied data.

Generated by OpenCVE AI on May 2, 2026 at 08:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Frontpage category filter plugin to the latest version that includes the CSRF fix.
  • If the plugin is not required, uninstall or disable it to remove the attack surface.
  • Restrict access to the plugin’s administrative pages to trusted administrators only and ensure that WordPress core CSRF protections are enabled.

Generated by OpenCVE AI on May 2, 2026 at 08:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-7836 Cross-Site Request Forgery (CSRF) vulnerability in stesvis Frontpage category filter allows Cross Site Request Forgery. This issue affects Frontpage category filter: from n/a through 1.0.2.
History

Tue, 28 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in stesvis Frontpage category filter allows Cross Site Request Forgery. This issue affects Frontpage category filter: from n/a through 1.0.2. Cross-Site Request Forgery (CSRF) vulnerability in stesvis Frontpage category filter frontpage-category-filter allows Cross Site Request Forgery.This issue affects Frontpage category filter: from n/a through <= 1.0.2.
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

 cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Fri, 11 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00024}

 epss

{'score': 0.00034}

Tue, 18 Mar 2025 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Stesvis
Stesvis frontpage Category Filter
CPEs cpe:2.3:a:stesvis:frontpage_category_filter:*:*:*:*:*:wordpress:*:*
Vendors & Products Stesvis
Stesvis frontpage Category Filter

Tue, 11 Mar 2025 21:15:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in stesvis Frontpage category filter allows Cross Site Request Forgery. This issue affects Frontpage category filter: from n/a through 1.0.2.
Title WordPress Frontpage category filter plugin <= 1.0.2 - Cross Site Request Forgery (CSRF) vulnerability
Weaknesses CWE-352
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

Subscriptions

Stesvis Frontpage Category Filter
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:49.227Z

Reserved: 2025-03-11T08:08:49.774Z

Link: CVE-2025-28867

cve-icon Vulnrichment

Updated: 2025-03-12T15:03:15.327Z

cve-icon NVD

Status : Modified

Published: 2025-03-11T21:15:44.127

Modified: 2026-04-23T15:26:28.210

Link: CVE-2025-28867

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T09:00:11Z

Weaknesses