Description
Cross-Site Request Forgery (CSRF) vulnerability in rui_mashita Aioseo Multibyte Descriptions aioseo-multibyte-descriptions allows Cross Site Request Forgery. This issue affects Aioseo Multibyte Descriptions: from n/a through <= 0.0.6.
Published: 2025-06-27
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Aioseo Multibyte Descriptions, a WordPress plugin, contains a Cross‑Site Request Forgery vulnerability that allows an attacker to send a forged request that is processed with the privileges of a logged‑in user. This flaw can be leveraged to perform state‑changing operations on the WordPress site without the user’s consent, potentially modifying content, settings, or other data. The weakness is classified as CWE‑352.

Affected Systems

WordPress installations running the Aioseo Multibyte Descriptions plugin version 0.0.6 or earlier, developed by rui_mashita. The vulnerability applies to all affected releases indiscriminately, regardless of site configuration.

Risk and Exploitability

The CVSS score of 4.3 indicates moderate severity, but the EPSS score of less than 1% and absence from the CISA KEV catalog suggest a low likelihood of exploitation in the wild. The attack vector is inferred to be a web‑based POST or GET request that the user’s browser would execute, requiring the victim to be authenticated. An attacker can achieve this by embedding a malicious link or form on a compromised webpage, social engineering a logged‑in user, or exploiting sites that allow public post requests.

Generated by OpenCVE AI on April 30, 2026 at 10:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Aioseo Multibyte Descriptions plugin to the latest release or uninstall it if it is no longer needed.
  • If an immediate upgrade is impossible, disable all functions of the plugin that allow external input or restrict its use to users with the most limited permissions.
  • Add a WordPress nonce or equivalent CSRF token to every state‑changing request handled by the plugin to ensure that only intentional actions from authenticated users are honored.

Advisories
Source ID Title
EUVD EUVD-2025-28517 Cross-Site Request Forgery (CSRF) vulnerability in rui_mashita Aioseo Multibyte Descriptions allows Cross Site Request Forgery. This issue affects Aioseo Multibyte Descriptions: from n/a through 0.0.6.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
Values Removed: Cross-Site Request Forgery (CSRF) vulnerability in rui_mashita Aioseo Multibyte Descriptions allows Cross Site Request Forgery. This issue affects Aioseo Multibyte Descriptions: from n/a through 0.0.6.
Values Added: Cross-Site Request Forgery (CSRF) vulnerability in rui_mashita Aioseo Multibyte Descriptions aioseo-multibyte-descriptions allows Cross Site Request Forgery.This issue affects Aioseo Multibyte Descriptions: from n/a through <= 0.0.6.
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


Fri, 27 Jun 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 27 Jun 2025 13:45:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in rui_mashita Aioseo Multibyte Descriptions allows Cross Site Request Forgery. This issue affects Aioseo Multibyte Descriptions: from n/a through 0.0.6.
Title WordPress Aioseo Multibyte Descriptions plugin <= 0.0.6 - Cross Site Request Forgery (CSRF) Vulnerability
Weaknesses CWE-352
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-13T00:01:37.733Z

Reserved: 2025-06-27T11:59:22.191Z

Link: CVE-2025-53327

Vulnrichment

Updated: 2025-06-27T17:00:46.040Z

NVD

Status: Deferred

Published: 2025-06-27T14:15:55.527

Modified: 2026-04-23T15:32:30.087

Link: CVE-2025-53327

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T10:15:34Z

Weaknesses