Description
Cross-Site Request Forgery (CSRF) vulnerability in Aftab Husain Hide Admin Bar From Front End hide-admin-bar-from-front-end allows Cross Site Request Forgery. This issue affects Hide Admin Bar From Front End: from n/a through <= 1.0.0.
Published: 2025-06-27
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A CSRF flaw exists in the Hide Admin Bar From Front End plugin that lets an attacker cause a logged-in user's browser to perform actions the user did not intend. By getting the victim to submit a forged request, the attacker can change how the admin bar is displayed and potentially reach administrative interfaces or modify content. The weakness maps to CWE-352: the plugin does not verify that a state-changing request was deliberately issued by the user rather than triggered from another site.

Affected Systems

The issue affects Aftab Husain’s Hide Admin Bar From Front End plugin, versions 1.0.0 and all earlier releases, when installed on WordPress sites. No specific WordPress core versions are cited, so any WordPress installation using the vulnerable plugin is impacted.

Risk and Exploitability

The CVSS score of 4.3 indicates medium severity, but the EPSS value of less than 1% signals a low probability of exploitation. The vulnerability is not listed in CISA KEV. An attack relies on a remote attacker tricking a logged-in user into submitting a crafted request; the attacker needs no credentials of their own, but the victim must be authenticated and have the rights needed to view or alter the admin bar. The likely delivery vector is social engineering or phishing, so exploitability depends largely on how well users recognise such lures.

Generated by OpenCVE AI on May 1, 2026 at 07:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Hide Admin Bar From Front End to any version newer than 1.0.0.
  • If an upgrade is not available, remove or disable the plugin entirely.
  • Deploy a security plugin or firewall rule that blocks unauthorized POST requests to admin bar endpoints, or enforce SameSite cookie settings to mitigate CSRF.
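As an added illustration of the CWE-352 pattern described under Impact and of the plugin-level fix that the recommended actions above leave to the vendor, the following is a hypothetical WordPress settings handler written for this page. It is not code from the Hide Admin Bar From Front End plugin or from OpenCVE, and nothing in it is known to match the plugin's actual implementation. All names (the `hypo_` function prefix, the `hypo_hide_admin_bar` option, the `hypo_save_setting` action and the `hypo_nonce` field) are assumptions for illustration; the WordPress API calls themselves (`wp_nonce_field`, `check_admin_referer`, `current_user_can`, `update_option`, `admin_post_*` hooks) are standard core functions.

```php
<?php
// Added, hypothetical example (not the plugin's own code).
// Shows a state-changing admin handler that trusts any request from a
// logged-in user (the CWE-352 pattern) next to the standard WordPress
// hardening: a capability check plus nonce verification.
// Option, action and field names are assumptions for illustration.

// --- Vulnerable pattern ---------------------------------------------------
// Any POST carrying hide_admin_bar updates the option, including one that
// another site caused the victim's browser to send. Not hooked anywhere here.
function hypo_save_setting_vulnerable() {
    if ( isset( $_POST['hide_admin_bar'] ) ) {
        update_option( 'hypo_hide_admin_bar', '1' === $_POST['hide_admin_bar'] );
    }
}

// --- Hardened pattern -----------------------------------------------------
// Render the settings form with a nonce bound to a specific action.
function hypo_render_settings_form() {
    $hide = (bool) get_option( 'hypo_hide_admin_bar', false );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="hypo_save_setting">
        <?php wp_nonce_field( 'hypo_save_setting', 'hypo_nonce' ); ?>
        <label>
            <input type="checkbox" name="hide_admin_bar" value="1" <?php checked( $hide ); ?>>
            Hide the admin bar on the front end
        </label>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// Handler for the authenticated admin-post action declared in the form.
function hypo_save_setting_hardened() {
    // 1. Authorisation: only users who may manage options can change it.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }

    // 2. CSRF defence: the nonce must match this action and this user's
    //    session. A request forged from another origin cannot carry a valid
    //    nonce, and check_admin_referer() stops the request if it is missing
    //    or invalid.
    check_admin_referer( 'hypo_save_setting', 'hypo_nonce' );

    // 3. Sanitise the input and store the setting.
    $hide = isset( $_POST['hide_admin_bar'] )
        && '1' === sanitize_text_field( wp_unslash( $_POST['hide_admin_bar'] ) );
    update_option( 'hypo_hide_admin_bar', $hide );

    wp_safe_redirect( add_query_arg( 'updated', '1', wp_get_referer() ) );
    exit;
}
add_action( 'admin_post_hypo_save_setting', 'hypo_save_setting_hardened' );

// Apply the stored setting on the front end.
add_filter( 'show_admin_bar', function ( $show ) {
    return get_option( 'hypo_hide_admin_bar', false ) ? false : $show;
} );
```

The nonce check is the fix that belongs in the plugin itself; the SameSite cookie setting and request-blocking rules named in the recommended actions are browser- and perimeter-level complements that reduce exposure while an unpatched plugin remains installed, but do not replace per-request verification in the handler.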


Advisories
Source: EUVD
ID: EUVD-2025-19349
Title: Cross-Site Request Forgery (CSRF) vulnerability in Aftab Husain Hide Admin Bar From Front End allows Cross Site Request Forgery. This issue affects Hide Admin Bar From Front End: from n/a through 1.0.0.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type: Metrics (cvssV3_1)
  Values: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type: Description
  Values Removed: Cross-Site Request Forgery (CSRF) vulnerability in Aftab Husain Hide Admin Bar From Front End allows Cross Site Request Forgery. This issue affects Hide Admin Bar From Front End: from n/a through 1.0.0.
  Values Added: Cross-Site Request Forgery (CSRF) vulnerability in Aftab Husain Hide Admin Bar From Front End hide-admin-bar-from-front-end allows Cross Site Request Forgery.This issue affects Hide Admin Bar From Front End: from n/a through <= 1.0.0.
Type: References
Type: Metrics (cvssV3_1)
  Values: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

Fri, 27 Jun 2025 14:15:00 +0000

Type: Metrics (ssvc)
  Values: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 27 Jun 2025 13:45:00 +0000

Type: Description
  Values: Cross-Site Request Forgery (CSRF) vulnerability in Aftab Husain Hide Admin Bar From Front End allows Cross Site Request Forgery. This issue affects Hide Admin Bar From Front End: from n/a through 1.0.0.
Type: Title
  Values: WordPress Hide Admin Bar From Front End plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability
Type: Weaknesses
  Values: CWE-352
Type: References
Type: Metrics (cvssV3_1)
  Values: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

Subscriptions

Wordpress

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:22.106Z

Reserved: 2025-06-27T11:58:33.815Z

Link: CVE-2025-53267

Vulnrichment

Updated: 2025-06-27T13:51:22.101Z

NVD

Status : Deferred

Published: 2025-06-27T14:15:46.943

Modified: 2026-04-23T15:32:23.540

Link: CVE-2025-53267

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T07:15:11Z

Weaknesses