Description
Cross-Site Request Forgery (CSRF) vulnerability in digireturn DN Footer Contacts dn-footer-contacts allows Cross Site Request Forgery. This issue affects DN Footer Contacts: from n/a through <= 1.8.1.
Published: 2025-04-01
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a Cross-Site Request Forgery flaw that lets an attacker trigger plugin actions on behalf of any authenticated WordPress user without that user's knowledge. Because the plugin does not validate the origin of state-changing requests, an external actor can cause it to perform actions such as adding or removing contact entries, potentially leading to unauthorized content changes or other admin-level activities. The weakness is classified as CWE-352.

Affected Systems

The affected product is the DN Footer Contacts plugin from digireturn. Versions up through and including 1.8.1 are vulnerable. Users running WordPress with this plugin installed are susceptible.

Risk and Exploitability

The CVSS score of 4.3 indicates moderate severity, while the EPSS score of less than 1% signals a low likelihood of exploitation as of the latest data. The plugin is not listed in the CISA KEV catalog. The likely attack path involves an attacker sending a crafted URL or embedding a malicious link; when an authenticated user visits that link, the plugin processes the resulting request without adequate CSRF protection and carries out the unintended action. The overall risk is moderate given the score, but the low exploitation probability reduces urgency compared with higher-impact flaws.

Generated by OpenCVE AI on May 1, 2026 at 11:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the DN Footer Contacts plugin to the latest version (greater than 1.8.1) to remove the CSRF flaw.
  • Ensure that the updated plugin includes proper CSRF token validation for all state-changing requests.
  • Disable or restrict access to any exposed endpoints of the plugin that are not intended for public use, and verify that remaining actions require valid user authentication.

Generated by OpenCVE AI on May 1, 2026 at 11:44 UTC.
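To make the second recommended action concrete, the following is an added example constructed for this page (it is not code from the DN Footer Contacts plugin or from OpenCVE): a hypothetical WordPress admin-post handler first without any request-origin check, then with the nonce and capability checks that close a CWE-352 gap. The dnfc_-prefixed function names, the option name and the form field are assumptions; the wp_*, check_admin_referer() and current_user_can() calls are standard WordPress API.

```php
<?php
// Constructed example: a hypothetical footer-contacts settings handler.

// VULNERABLE pattern: any POST carrying the expected field is processed. A logged-in
// administrator who follows a crafted link submits it with their session cookies, and
// nothing here confirms the request originated from the plugin's own form.
function dnfc_save_contact_vulnerable() {
    $phone = isset( $_POST['phone'] ) ? sanitize_text_field( wp_unslash( $_POST['phone'] ) ) : '';
    update_option( 'dnfc_phone', $phone );
    wp_safe_redirect( admin_url( 'options-general.php?page=dnfc' ) );
    exit;
}

// HARDENED pattern: the form embeds a nonce bound to the action and the current user,
// and the handler refuses the request unless the nonce verifies and the user may change settings.
function dnfc_render_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="dnfc_save_contact">';
    wp_nonce_field( 'dnfc_save_contact', 'dnfc_nonce' );   // emits the CSRF token field
    echo '<input type="text" name="phone">';
    submit_button( 'Save' );
    echo '</form>';
}

function dnfc_save_contact_hardened() {
    // Capability check: a valid nonce must still come from a user allowed to change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    // Nonce check: fails for a request that did not originate from dnfc_render_form().
    // check_admin_referer() calls wp_die() on failure, so nothing below runs for a forged request.
    check_admin_referer( 'dnfc_save_contact', 'dnfc_nonce' );

    $phone = isset( $_POST['phone'] ) ? sanitize_text_field( wp_unslash( $_POST['phone'] ) ) : '';
    update_option( 'dnfc_phone', $phone );
    wp_safe_redirect( admin_url( 'options-general.php?page=dnfc' ) );
    exit;
}

// Register only the logged-in hook; admin_post_nopriv_ is deliberately not used, so
// unauthenticated requests never reach the handler at all.
add_action( 'admin_post_dnfc_save_contact', 'dnfc_save_contact_hardened' );
```

When reviewing a plugin for this class of bug, look for every admin_post_*, admin-ajax and options handler that writes state and confirm each one performs both checks shown in the hardened function.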

Advisories

  Source: EUVD
  ID: EUVD-2025-9197
  Title: Cross-Site Request Forgery (CSRF) vulnerability in digireturn DN Footer Contacts allows Cross Site Request Forgery. This issue affects DN Footer Contacts: from n/a through 1.8.

History

Thu, 23 Apr 2026 15:00:00 +0000

  Metrics (cvssV3_1), added:
    {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

  Description, removed:
    Cross-Site Request Forgery (CSRF) vulnerability in digireturn DN Footer Contacts allows Cross Site Request Forgery. This issue affects DN Footer Contacts: from n/a through 1.8.
  Description, added:
    Cross-Site Request Forgery (CSRF) vulnerability in digireturn DN Footer Contacts dn-footer-contacts allows Cross Site Request Forgery. This issue affects DN Footer Contacts: from n/a through <= 1.8.1.
  Title, removed:
    WordPress Footer Contacts Bar Plugin <= 1.8 - Cross Site Request Forgery (CSRF) vulnerability
  Title, added:
    WordPress Footer Contacts Bar plugin <= 1.8 - Cross Site Request Forgery (CSRF) vulnerability
  References: updated (no values listed)
  Metrics (cvssV3_1), added:
    {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

Tue, 01 Apr 2025 19:15:00 +0000

  Metrics (ssvc), added:
    {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 01 Apr 2025 15:00:00 +0000

  Description, added:
    Cross-Site Request Forgery (CSRF) vulnerability in digireturn DN Footer Contacts allows Cross Site Request Forgery. This issue affects DN Footer Contacts: from n/a through 1.8.
  Title, added:
    WordPress Footer Contacts Bar Plugin <= 1.8 - Cross Site Request Forgery (CSRF) vulnerability
  Weaknesses, added: CWE-352
  References: added (no values listed)
  Metrics (cvssV3_1), added:
    {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-11T23:58:59.007Z

Reserved: 2025-04-01T13:20:50.879Z

Link: CVE-2025-31839

Vulnrichment

Updated: 2025-04-01T18:19:44.808Z

NVD

Status: Deferred

Published: 2025-04-01T15:16:24.583

Modified: 2026-04-23T15:28:23.583

Link: CVE-2025-31839

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T11:45:16Z

Weaknesses
  • CWE-352

    Cross-Site Request Forgery (CSRF)