Description
Cross-Site Request Forgery (CSRF) vulnerability in ApusTheme Findgo findgo allows Cross Site Request Forgery. This issue affects Findgo: from n/a through <= 1.3.57.
Published: 2025-08-14
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A Cross‑Site Request Forgery vulnerability has been discovered in the ApusTheme Findgo WordPress theme, allowing an attacker to craft a request that is automatically submitted by a victim’s browser. Because the application does not adequately validate the source of the request, an attacker could cause the victim to perform arbitrary actions on the site under the victim’s credentials. The weakness is classified as CWE‑352 and scored as high risk with a CVSS base score of 8.8.

Affected Systems

The flaw affects the ApusTheme Findgo theme for WordPress, versions up to and including 1.3.57. No specific build or platform constraints were provided, so all installations running a vulnerable version are potentially exposed.

Risk and Exploitability

The CVSS score of 8.8 indicates a high potential impact if the flaw is exploited. The EPSS score of less than 1% indicates a very low estimated likelihood of exploitation, and the vulnerability is not listed in the CISA KEV catalog. An attacker would typically need to entice a logged-in site user to visit a crafted URL or a page with embedded malicious content; the attack requires no network-level privilege escalation and no privileged user credentials.

Generated by OpenCVE AI on April 30, 2026 at 08:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the ApusTheme Findgo theme to a version newer than 1.3.57 once it is released.
  • If an upgrade is not immediately possible, disable or remove any theme-related functionality that accepts state-changing requests without multi-factor or nonce verification.
  • Apply a general CSRF defense, such as enforcing WordPress nonces or using security plugins that add CSRF protection to all form submissions.

Advisories
Source: EUVD
ID: EUVD-2025-24904
Title: Cross-Site Request Forgery (CSRF) vulnerability in ApusTheme Findgo allows Cross Site Request Forgery. This issue affects Findgo: from n/a through 1.3.57.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
Values Removed: Cross-Site Request Forgery (CSRF) vulnerability in ApusTheme Findgo allows Cross Site Request Forgery. This issue affects Findgo: from n/a through 1.3.57.
Values Added: Cross-Site Request Forgery (CSRF) vulnerability in ApusTheme Findgo findgo allows Cross Site Request Forgery. This issue affects Findgo: from n/a through <= 1.3.57.
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


Fri, 15 Aug 2025 08:15:00 +0000

Type Values Removed Values Added
First Time appeared Apustheme
Apustheme findgo
Wordpress
Wordpress wordpress
Vendors & Products Apustheme
Apustheme findgo
Wordpress
Wordpress wordpress

Thu, 14 Aug 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 14 Aug 2025 18:30:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in ApusTheme Findgo allows Cross Site Request Forgery. This issue affects Findgo: from n/a through 1.3.57.
Title WordPress Findgo Theme <= 1.3.57 - Cross Site Request Forgery (CSRF) Vulnerability
Weaknesses CWE-352
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:27.014Z

Reserved: 2025-07-03T14:51:13.582Z

Link: CVE-2025-53587

Vulnrichment

Updated: 2025-08-14T20:01:24.872Z

NVD

Status: Deferred

Published: 2025-08-14T19:15:36.860

Modified: 2026-04-23T15:32:39.417

Link: CVE-2025-53587

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T09:00:20Z

Weaknesses