Description
Cross-Site Request Forgery (CSRF) vulnerability in indgeek ClipLink cliplink allows Cross Site Request Forgery.This issue affects ClipLink: from n/a through <= 1.1.
Published: 2025-06-20
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The ClipLink plugin (indgeek) contains a CSRF flaw that allows a malicious actor to send requests authenticated as a logged‑in WordPress user. Based on the nature of CSRF, the attacker could potentially trigger any action that the authenticated user is permitted to perform, which may affect site content or configuration. The description does not specify exact impact, so this possibility is inferred from standard CSRF behavior.

Affected Systems

The vulnerability affects the ClipLink plugin from indgeek, all releases up to and including version 1.1. No specific sub‑versions were listed, so the entire range from 1.0 to 1.1 is impacted.

Risk and Exploitability

The CVSS score of 4.3 places the flaw in the low‑to‑moderate range. The EPSS score of < 1% indicates that the likelihood of exploitation in the near future is very low, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is web‑based; exploitation requires the victim to be authenticated to WordPress and to visit a malicious site that submits the forged request. No additional system privileges beyond existing authentication are required. The risk is modest, but remediation is advisable.

Generated by OpenCVE AI on May 2, 2026 at 01:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the ClipLink plugin to the latest version that addresses the CSRF flaw.
  • If an upgrade is unavailable, deactivate or uninstall the ClipLink plugin to eliminate the attack surface.
  • Restrict administrative privileges and enforce strong, unique passwords; enable two‑factor authentication to reduce the impact of potential CSRF attacks.

Generated by OpenCVE AI on May 2, 2026 at 01:17 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-28332 Cross-Site Request Forgery (CSRF) vulnerability in indgeek ClipLink allows Cross Site Request Forgery. This issue affects ClipLink: from n/a through 1.1.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in indgeek ClipLink allows Cross Site Request Forgery. This issue affects ClipLink: from n/a through 1.1. Cross-Site Request Forgery (CSRF) vulnerability in indgeek ClipLink cliplink allows Cross Site Request Forgery.This issue affects ClipLink: from n/a through <= 1.1.
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

Fri, 20 Jun 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 20 Jun 2025 15:15:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in indgeek ClipLink allows Cross Site Request Forgery. This issue affects ClipLink: from n/a through 1.1.
Title WordPress ClipLink plugin <= 1.1 - Cross Site Request Forgery (CSRF) Vulnerability
Weaknesses CWE-352
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:14.187Z

Reserved: 2025-06-11T16:07:41.544Z

Link: CVE-2025-49964

cve-icon Vulnrichment

Updated: 2025-06-20T16:20:18.743Z

cve-icon NVD

Status : Deferred

Published: 2025-06-20T15:15:21.137

Modified: 2026-04-23T15:31:52.960

Link: CVE-2025-49964

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T01:30:16Z

Weaknesses