Description
Cross-Site Request Forgery (CSRF) vulnerability in ABCdatos AI Content Creator ai-content-creator allows Cross Site Request Forgery. This issue affects AI Content Creator: from n/a through <= 1.2.6.
Published: 2025-04-04
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Cross‑Site Request Forgery (CSRF) is an attack that forces an authenticated user to submit a request that the victim did not intend. The vulnerability exists in the ABCdatos AI Content Creator WordPress plugin, affecting all releases numbered 1.2.6 or earlier. Based on the description, it is inferred that an attacker who convinces a logged‑in user to visit a malicious page can trigger the plugin to create or modify content without the user’s knowledge, potentially leading to unwanted content generation or modification.

Affected Systems

The vulnerable product is the ABCdatos AI Content Creator plugin for WordPress. All versions up to and including 1.2.6 are impacted. No other WordPress or third‑party products are mentioned, so the scope is limited to installations of this plugin.

Risk and Exploitability

The CVSS score of 5.4 indicates moderate severity. The EPSS score is below 1 %, implying a low but non‑zero likelihood of active exploitation at this time, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that exploitation requires a user to be authenticated to the target site and to visit an attacker‑controlled page that sends a malicious request to the plugin.

Generated by OpenCVE AI on May 1, 2026 at 11:04 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade the AI Content Creator plugin to a version newer than 1.2.6.
  • If the plugin is not required on the site, disable or uninstall it until a fix is available.
  • Ensure that WordPress is running the latest stable release and that authentication cookies are marked secure to reduce the window for potential CSRF attacks.


Advisories
Source: EUVD
ID: EUVD-2025-9791
Title: Cross-Site Request Forgery (CSRF) vulnerability in ABCdatos AI Content Creator allows Cross Site Request Forgery. This issue affects AI Content Creator: from n/a through 1.2.6.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
Values Removed: Cross-Site Request Forgery (CSRF) vulnerability in ABCdatos AI Content Creator allows Cross Site Request Forgery. This issue affects AI Content Creator: from n/a through 1.2.6.
Values Added: Cross-Site Request Forgery (CSRF) vulnerability in ABCdatos AI Content Creator ai-content-creator allows Cross Site Request Forgery. This issue affects AI Content Creator: from n/a through <= 1.2.6.
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L'}


Fri, 04 Apr 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 04 Apr 2025 16:15:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in ABCdatos AI Content Creator allows Cross Site Request Forgery. This issue affects AI Content Creator: from n/a through 1.2.6.
Title WordPress AI Content Creator plugin <= 1.2.6 - Cross Site Request Forgery (CSRF) vulnerability
Weaknesses CWE-352
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:19.773Z

Reserved: 2025-04-04T10:02:07.011Z

Link: CVE-2025-32247

Vulnrichment

Updated: 2025-04-04T20:14:57.418Z

NVD

Status: Deferred

Published: 2025-04-04T16:15:33.820

Modified: 2026-04-23T15:28:49.867

Link: CVE-2025-32247

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T11:15:15Z

Weaknesses