Description
Cross-Site Request Forgery (CSRF) vulnerability in Robert D Payne RDP Wiki Embed rdp-wiki-embed allows Cross Site Request Forgery. This issue affects RDP Wiki Embed: from n/a through <= 1.2.20.
Published: 2025-04-04
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The RDP Wiki Embed plugin contains a CSRF flaw that allows a malicious actor to craft a request that the WordPress site will process as if it originated from an authenticated user, thereby enabling the attacker to submit unwanted actions on the site without the user’s knowledge or approval.

Affected Systems

All installations of Robert D Payne’s RDP Wiki Embed plugin with a version of 1.2.20 or earlier are affected. Site owners should verify the exact plugin version and ensure it falls within this vulnerable range.

Risk and Exploitability

The CVSS score of 4.3 places the issue at moderate severity, while the EPSS score of less than 1% indicates a low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog, suggesting no confirmed exploitation. Attackers would likely need an authenticated user to visit a crafted URL or submit a malicious form that triggers the vulnerable plugin’s functionality.

Generated by OpenCVE AI on May 1, 2026 at 11:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the RDP Wiki Embed plugin to a version newer than 1.2.20 once it becomes available.
  • If an update is not yet released, deactivate the RDP Wiki Embed plugin to remove the CSRF vector.
  • As a temporary measure, restrict access to the plugin’s embed feature or enforce strict nonce validation on embed requests.

Advisories
Source: EUVD
ID: EUVD-2025-9784
Title: Cross-Site Request Forgery (CSRF) vulnerability in Robert D Payne RDP Wiki Embed allows Cross Site Request Forgery. This issue affects RDP Wiki Embed: from n/a through 1.2.20.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
Values Removed: Cross-Site Request Forgery (CSRF) vulnerability in Robert D Payne RDP Wiki Embed allows Cross Site Request Forgery. This issue affects RDP Wiki Embed: from n/a through 1.2.20.
Values Added: Cross-Site Request Forgery (CSRF) vulnerability in Robert D Payne RDP Wiki Embed rdp-wiki-embed allows Cross Site Request Forgery. This issue affects RDP Wiki Embed: from n/a through <= 1.2.20.
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


Tue, 08 Apr 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 04 Apr 2025 16:15:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in Robert D Payne RDP Wiki Embed allows Cross Site Request Forgery. This issue affects RDP Wiki Embed: from n/a through 1.2.20.
Title WordPress RDP Wiki Embed plugin <= 1.2.20 - Cross Site Request Forgery (CSRF) Vulnerability
Weaknesses CWE-352
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:20.026Z

Reserved: 2025-04-04T10:02:22.506Z

Link: CVE-2025-32262

Vulnrichment

Updated: 2025-04-08T18:43:32.524Z

NVD

Status: Deferred

Published: 2025-04-04T16:15:36.887

Modified: 2026-04-23T15:28:51.620

Link: CVE-2025-32262

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T11:15:15Z

Weaknesses