Description
Cross-Site Request Forgery (CSRF) vulnerability in WPKube Authors List authors-list allows Cross Site Request Forgery. This issue affects Authors List: from n/a through <= 2.0.6.2.
Published: 2025-09-05
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a Cross‑Site Request Forgery flaw in the WPKube Authors List plugin up to version 2.0.6.2. It allows an attacker to submit forged requests that the site processes as if they were made by an authenticated user, potentially leading to unauthorized modifications of author data or other plugin functions. The weakness is classified as CWE‑352.

Affected Systems

WordPress installations using the WPKube Authors List plugin version 2.0.6.2 or earlier are affected. The plugin integrates into the WordPress admin interface and is typically used to display or manage author lists on a site.

Risk and Exploitability

The CVSS score of 4.3 signals a moderate severity, while the EPSS score of less than 1% indicates a low probability of exploitation in the wild. The attack vector is web‑based CSRF, requiring the victim to be authenticated to the target site and to follow a crafted link or form. The vulnerability is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on April 30, 2026 at 02:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Authors List plugin to the latest available version (2.0.6.3 or later) to eliminate the flaw.
  • If an upgrade is not immediately feasible, add or enable CSRF tokens for plugin‑related requests, or disable the authors‑list functionality until the update is applied.
  • Monitor site logs for anomalous requests originating from unfamiliar IP addresses and reject requests lacking valid authentication or CSRF tokens.

Advisories
Source: EUVD
ID: EUVD-2025-26985
Title: Cross-Site Request Forgery (CSRF) vulnerability in WPKube Authors List allows Cross Site Request Forgery. This issue affects Authors List: from n/a through 2.0.6.1.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Values Removed: Cross-Site Request Forgery (CSRF) vulnerability in WPKube Authors List allows Cross Site Request Forgery. This issue affects Authors List: from n/a through 2.0.6.1.
  Values Added: Cross-Site Request Forgery (CSRF) vulnerability in WPKube Authors List authors-list allows Cross Site Request Forgery. This issue affects Authors List: from n/a through <= 2.0.6.2.
Title
  Values Removed: WordPress Authors List Plugin <= 2.0.6.1 - Cross Site Request Forgery (CSRF) Vulnerability
  Values Added: WordPress Authors List plugin <= 2.0.6.2 - Cross Site Request Forgery (CSRF) vulnerability
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


Sun, 07 Sep 2025 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress wordpress
Wpkube
Wpkube authors List
Vendors & Products Wordpress
Wordpress wordpress
Wpkube
Wpkube authors List

Fri, 05 Sep 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 05 Sep 2025 14:00:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in WPKube Authors List allows Cross Site Request Forgery. This issue affects Authors List: from n/a through 2.0.6.1.
Title WordPress Authors List Plugin <= 2.0.6.1 - Cross Site Request Forgery (CSRF) Vulnerability
Weaknesses CWE-352
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-13T00:18:06.295Z

Reserved: 2025-09-05T10:48:52.285Z

Link: CVE-2025-58792

Vulnrichment

Updated: 2025-09-05T15:36:26.121Z

NVD

Status: Deferred

Published: 2025-09-05T14:15:47.730

Modified: 2026-04-23T15:33:38.660

Link: CVE-2025-58792

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T02:45:16Z

Weaknesses