Description
Cross-Site Request Forgery (CSRF) vulnerability in Aphotrax Uptime Robot Plugin for WordPress uptime-robot-monitor allows Cross Site Request Forgery. This issue affects Uptime Robot Plugin for WordPress: from n/a through <= 2.3.
Published: 2025-04-01
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Uptime Robot Plugin for WordPress (versions up to 2.3) contains a Cross Site Request Forgery flaw that allows an attacker to forge requests on behalf of an authenticated user. This could lead to unintended actions performed by the victim, such as modifying plugin settings or other operations that the logged-in user is permitted to execute. The vulnerability is a typical CSRF weakness identified as CWE‑352.

Affected Systems

WordPress sites running the Aphotrax Uptime Robot Plugin for WordPress version 2.3 or earlier. No specific earlier versions are listed, so any installation with a version number less than or equal to 2.3 is considered affected.

Risk and Exploitability

The CVSS score of 4.3 indicates medium severity, while the EPSS score of less than 1% suggests a very low probability of exploitation at the time of reporting. The issue is not in the CISA KEV catalog. Attackers would need to trick a victim into visiting a crafted page that submits a forged request to the site using the victim’s authenticated session cookies. The weakness does not require elevated privileges and can affect all users with access to the plugin.

Generated by OpenCVE AI on May 1, 2026 at 11:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Uptime Robot Plugin to the latest available version, which may include the CSRF protection fix.
  • If an upgrade is not immediately possible, deactivate or remove the plugin to eliminate the vulnerability.
  • Deploy a site‑wide CSRF protection layer via a reputable security plugin or web application firewall, and audit all authenticated actions for proper token validation.
  • Regularly monitor access logs for unexpected POST requests or changes to plugin settings, and review user role permissions.

Advisories
Source: EUVD
ID: EUVD-2025-9251
Title: Cross-Site Request Forgery (CSRF) vulnerability in Aphotrax Uptime Robot Plugin for WordPress allows Cross Site Request Forgery. This issue affects Uptime Robot Plugin for WordPress: from n/a through 2.3.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Removed: Cross-Site Request Forgery (CSRF) vulnerability in Aphotrax Uptime Robot Plugin for WordPress allows Cross Site Request Forgery. This issue affects Uptime Robot Plugin for WordPress: from n/a through 2.3.
  Added: Cross-Site Request Forgery (CSRF) vulnerability in Aphotrax Uptime Robot Plugin for WordPress uptime-robot-monitor allows Cross Site Request Forgery. This issue affects Uptime Robot Plugin for WordPress: from n/a through <= 2.3.
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


Wed, 02 Apr 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 01 Apr 2025 15:00:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in Aphotrax Uptime Robot Plugin for WordPress allows Cross Site Request Forgery. This issue affects Uptime Robot Plugin for WordPress: from n/a through 2.3.
Title WordPress Uptime Robot Plugin <= 2.3 - Cross Site Request Forgery (CSRF) vulnerability
Weaknesses CWE-352
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:12.563Z

Reserved: 2025-04-01T13:19:46.769Z

Link: CVE-2025-31776

Vulnrichment

Updated: 2025-04-02T15:26:31.407Z

NVD

Status: Deferred

Published: 2025-04-01T15:16:15.053

Modified: 2026-04-23T15:28:16.310

Link: CVE-2025-31776

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T12:00:15Z

Weaknesses
  • CWE-352: Cross-Site Request Forgery (CSRF)