Description
Cross-Site Request Forgery (CSRF) vulnerability in Feedbucket Feedbucket – Website Feedback Tool feedbucket allows Cross Site Request Forgery. This issue affects Feedbucket – Website Feedback Tool: from n/a through <= 1.0.6.
Published: 2025-04-01
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Cross‑Site Request Forgery (CSRF) is an attack in which an attacker causes a victim's browser to issue unwanted requests to a web application where the victim is authenticated. In the case of Feedbucket – Website Feedback Tool, a crafted request from a malicious site can cause the plugin to perform actions as the logged‑in user, potentially changing configuration settings or submitting content without the user’s consent. The vulnerability is classified as CWE‑352 and follows the classic CSRF pattern where the plugin performs no verification of the request origin.

Affected Systems

The Feedbucket – Website Feedback Tool plugin for WordPress is susceptible in versions up through 1.0.6. Any WordPress installation that uses Feedbucket 1.0.6 or earlier is at risk and may process forged requests without proper CSRF protection.

Risk and Exploitability

The CVSS score of 5.4 indicates medium severity, while an EPSS score of less than 1% suggests that exploitation is currently unlikely to be widespread. The vulnerability is not listed in the CISA KEV catalog, meaning it is not among the vulnerabilities CISA has confirmed as exploited in the wild. Exploitation requires an attacker to lure a victim into visiting a malicious site or to embed a forged request in a page the victim views; the attack relies on the lack of origin validation in Feedbucket’s request handling.

Generated by OpenCVE AI on May 1, 2026 at 01:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Feedbucket to a version newer than 1.0.6 if available
  • If an update cannot be applied, consider disabling or removing the Feedbucket plugin from the WordPress site
  • As a temporary measure, enforce CSRF token validation on all forms that interact with the Feedbucket plugin, if the plugin or WordPress settings allow configuration of CSRF protection


Advisories
Source: EUVD
ID: EUVD-2025-9177
Title: Cross-Site Request Forgery (CSRF) vulnerability in Feedbucket Feedbucket – Website Feedback Tool allows Cross Site Request Forgery. This issue affects Feedbucket – Website Feedback Tool: from n/a through 1.0.6.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Values Removed: Cross-Site Request Forgery (CSRF) vulnerability in Feedbucket Feedbucket – Website Feedback Tool allows Cross Site Request Forgery. This issue affects Feedbucket – Website Feedback Tool: from n/a through 1.0.6.
  Values Added: Cross-Site Request Forgery (CSRF) vulnerability in Feedbucket Feedbucket – Website Feedback Tool feedbucket allows Cross Site Request Forgery. This issue affects Feedbucket – Website Feedback Tool: from n/a through <= 1.0.6.
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L'}


Mon, 14 Apr 2025 11:30:00 +0000

Type Values Removed Values Added
Description
  Values Removed: Cross-Site Request Forgery (CSRF) vulnerability in Feedbucket Feedbucket – Website Feedback Tool allows Cross Site Request Forgery. This issue affects Feedbucket – Website Feedback Tool: from n/a through 1.0.6.
  Values Added: Cross-Site Request Forgery (CSRF) vulnerability in Feedbucket Feedbucket – Website Feedback Tool allows Cross Site Request Forgery. This issue affects Feedbucket – Website Feedback Tool: from n/a through 1.0.6.

Tue, 01 Apr 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 01 Apr 2025 15:00:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in Feedbucket Feedbucket – Website Feedback Tool allows Cross Site Request Forgery. This issue affects Feedbucket – Website Feedback Tool: from n/a through 1.0.6.
Title WordPress Feedbucket – Website Feedback Tool Plugin <= 1.0.6 - Cross Site Request Forgery (CSRF) vulnerability
Weaknesses CWE-352
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:14.739Z

Reserved: 2025-04-01T13:21:07.841Z

Link: CVE-2025-31859

Vulnrichment

Updated: 2025-04-01T16:21:55.772Z

NVD

Status: Deferred

Published: 2025-04-01T15:16:27.440

Modified: 2026-04-23T15:28:26.140

Link: CVE-2025-31859

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T02:00:06Z

Weaknesses
  • CWE-352: Cross-Site Request Forgery (CSRF)