Description
Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Cyrlitera cyrlitera allows Cross Site Request Forgery.This issue affects Cyrlitera: from n/a through <= 1.3.0.
Published: 2025-06-27
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A cross‑site request forgery flaw in the Themeisle Cyrlitera WordPress plugin allows an attacker to force an authenticated user to execute actions on the site without the user’s consent. The weakness, identified as CWE‑352, can lead to unauthorized modifications or deletions performed with the privileges of the victim. It does not grant arbitrary code execution or direct data exfiltration but can be used to alter site content, settings, or mechanical operations that the logged‑in user can perform.

Affected Systems

WordPress sites that run the Themeisle Cyrlitera plugin, version 1.3.0 or older.

Risk and Exploitability

The CVSS base score of 4.3 indicates moderate severity. An EPSS score of less than 1% suggests low probability of exploitation at this time, and the vulnerability is not listed in CISA's KEV catalog. Exploitation requires that the target user is authenticated to the site and that the attacker can trick the user into submitting a crafted request, usually via social engineering or a malicious link.

Generated by OpenCVE AI on April 30, 2026 at 10:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Cyrlitera plugin to the latest release that contains the CSRF fix.
  • If no upgrade is immediately available, disable or remove the plugin to eliminate the risk.
  • Enable a security plugin or configure WordPress to enforce nonce validation on sensitive actions to mitigate similar CSRF threats.

Generated by OpenCVE AI on April 30, 2026 at 10:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-19392 Cross-Site Request Forgery (CSRF) vulnerability in webcraftic Cyrlitera allows Cross Site Request Forgery. This issue affects Cyrlitera: from n/a through 1.2.0.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in webcraftic Cyrlitera allows Cross Site Request Forgery. This issue affects Cyrlitera: from n/a through 1.2.0. Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Cyrlitera cyrlitera allows Cross Site Request Forgery.This issue affects Cyrlitera: from n/a through <= 1.3.0.
Title WordPress Cyrlitera plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability WordPress Cyrlitera plugin <= 1.3.0 - Cross Site Request Forgery (CSRF) vulnerability
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

Fri, 27 Jun 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 27 Jun 2025 13:45:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in webcraftic Cyrlitera allows Cross Site Request Forgery. This issue affects Cyrlitera: from n/a through 1.2.0.
Title WordPress Cyrlitera plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability
Weaknesses CWE-352
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

Subscriptions

Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:21.963Z

Reserved: 2025-06-27T11:58:24.740Z

Link: CVE-2025-53254

cve-icon Vulnrichment

Updated: 2025-06-27T14:36:48.319Z

cve-icon NVD

Status : Deferred

Published: 2025-06-27T14:15:44.560

Modified: 2026-04-23T15:32:22.013

Link: CVE-2025-53254

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T10:30:34Z

Weaknesses