Description
Cross-Site Request Forgery (CSRF) vulnerability in Sanjeev Mohindra Author Box Plugin With Different Description author-box-with-different-description allows Cross Site Request Forgery. This issue affects Author Box Plugin With Different Description: from n/a through <= 1.3.5.
Published: 2025-05-19
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The plugin implements an author‑box editing interface without a verification token, permitting a crafted request from another domain to alter the plugin’s configuration or related metadata. An attacker can trigger such a request while a user is logged in, causing the blog to display incorrect author information or other unwanted changes. The vulnerability belongs to CWE‑352.

Affected Systems

Sanjeev Mohindra’s Author Box Plugin With Different Description for WordPress is affected in all releases up to and including 1.3.5. The plugin may appear under various installation names but the vulnerability applies across all versions in that range.

Risk and Exploitability

The nominal CVSS score is 4.3, indicating a moderate risk if exploited. The EPSS value is below 1 %, suggesting a low likelihood of widespread attacks at present. The vulnerability is not listed in CISA’s KEV catalog. The most likely path involves a malicious site hijacking a logged‑in site administrator’s session to send a forged edit‑author request; it does not require code execution or remote unauthenticated access.

Generated by OpenCVE AI on April 30, 2026 at 19:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Author Box Plugin With Different Description to the latest version (greater than 1.3.5) provided by the vendor
  • If an upgrade is not immediately possible, disable the plugin until a patched release is available
  • Apply an additional WordPress security plugin or configure the existing security settings to enforce same‑site cookies and require CSRF tokens on all form submissions



Advisories
Source: EUVD
ID: EUVD-2025-27948
Title: Cross-Site Request Forgery (CSRF) vulnerability in Sanjeev Mohindra Author Box Plugin With Different Description allows Cross Site Request Forgery. This issue affects Author Box Plugin With Different Description: from n/a through 1.3.5.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
Values Removed: Cross-Site Request Forgery (CSRF) vulnerability in Sanjeev Mohindra Author Box Plugin With Different Description allows Cross Site Request Forgery. This issue affects Author Box Plugin With Different Description: from n/a through 1.3.5.
Values Added: Cross-Site Request Forgery (CSRF) vulnerability in Sanjeev Mohindra Author Box Plugin With Different Description author-box-with-different-description allows Cross Site Request Forgery. This issue affects Author Box Plugin With Different Description: from n/a through <= 1.3.5.
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


Mon, 19 May 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 19 May 2025 16:45:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in Sanjeev Mohindra Author Box Plugin With Different Description allows Cross Site Request Forgery. This issue affects Author Box Plugin With Different Description: from n/a through 1.3.5.
Title WordPress Author Box Plugin With Different Description plugin <= 1.3.5 - Cross Site Request Forgery (CSRF) vulnerability
Weaknesses CWE-352
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}



MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:29.819Z

Reserved: 2025-04-16T06:22:29.272Z

Link: CVE-2025-39371

Vulnrichment

Updated: 2025-05-19T16:56:17.356Z

NVD

Status: Deferred

Published: 2025-05-19T17:15:26.010

Modified: 2026-04-23T15:29:25.757

Link: CVE-2025-39371

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T20:00:14Z

Weaknesses