Impact
The NTC WordPress plugin WP Page Loading contains a Cross‑Site Request Forgery (CSRF) vulnerability in versions up to 1.0.6 that permits an attacker to force a legitimate user to execute unintended requests against the site. This flaw can potentially enable the attacker to alter plugin settings or trigger actions normally performed by the victim, but the CVE description does not enumerate the exact operations or the degree of impact. Based on typical CSRF behavior, it is inferred that any plugin functionality that requires a POST or similar request submitted from the victim’s session may be compromised, though the specific scope remains unspecified.
Affected Systems
The vulnerability affects the WordPress plugin WP Page Loading from NTC, impacting all installations of version 1.0.6 and earlier. No further vendor or version details are provided; any site running a vulnerable instance of the plugin is potentially exposed.
Risk and Exploitability
The CVSS score of 4.3 indicates a moderate severity level, while the EPSS score of less than 1% suggests a very low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Based on the nature of CSRF, the likely attack vector involves a malicious web page or embedded content that triggers a request within an authenticated user’s session; it is inferred that an attacker would need to convince a user to visit such content, indicating a targeted rather than mass‑applied exploit. The overall risk is therefore confined to users who are logged into a site that hosts the vulnerable plugin.
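One way a site operator could look for the request pattern described above in web server logs, as an added example that is not part of the advisory or the plugin's code: it flags state-changing requests to the WordPress admin area whose Referer names a different host. The host `blog.example`, the function name and the sample log lines are constructed assumptions, and the logs are assumed to be in Combined Log Format.

```python
import re
from urllib.parse import urlsplit

# Combined Log Format: ip - user [time] "METHOD path proto" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}

# Constructed sample log lines (not taken from a real site).
SAMPLE_LOG = [
    '203.0.113.10 - - [12/Mar/2025:10:01:02 +0000] "POST /wp-admin/options.php HTTP/1.1" 302 0 "https://blog.example/wp-admin/options-general.php" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2025:10:05:40 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 0 "https://other.example/promo.html" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2025:10:05:41 +0000] "GET /wp-admin/index.php HTTP/1.1" 200 5120 "https://other.example/promo.html" "Mozilla/5.0"',
    '192.0.2.44 - - [12/Mar/2025:10:07:13 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "https://other.example/thread" "Mozilla/5.0"',
    '203.0.113.10 - - [12/Mar/2025:10:09:55 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 47 "-" "Mozilla/5.0"',
]


def find_cross_origin_admin_requests(lines, site_host, admin_prefix="/wp-admin/"):
    """Return (time, ip, path, referer_host) for state-changing admin requests
    whose Referer header names a host other than site_host."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or m["method"] not in STATE_CHANGING:
            continue  # unparsable line or a read-only method
        if not m["path"].startswith(admin_prefix):
            continue  # only the admin area is in scope here
        referer = m["referer"]
        if referer in ("", "-"):
            continue  # an absent Referer is ambiguous, so it is not flagged
        ref_host = (urlsplit(referer).hostname or "").lower()
        if ref_host != site_host.lower():
            hits.append((m["time"], m["ip"], m["path"], ref_host))
    return hits


if __name__ == "__main__":
    for hit in find_cross_origin_admin_requests(SAMPLE_LOG, "blog.example"):
        print(hit)
```

Matches are leads for review rather than proof of a forged request, since a legitimate integration can also submit from another origin.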