Description
The Ultimate Blogroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Published: 2025-09-12
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Stored Cross‑Site Scripting via Cross‑Site Request Forgery
Action: Immediate Patch
AI Analysis

Impact

The Ultimate Blogroll plugin for WordPress suffers from a missing or incorrectly implemented nonce validation, allowing attackers to perform Cross‑Site Request Forgery. An unauthenticated attacker can craft a forged request that, when a site administrator clicks a link, updates the plugin settings with arbitrary JavaScript. This stored script is executed whenever affected pages are viewed, potentially exposing admin credentials or user data to the attacker.

Affected Systems

All versions of the Ultimate Blogroll plugin up to and including 2.5.2 performed by the vendor jensg are affected. Sites that have installed this plugin and still run 2.5.2 or earlier are at risk.

Risk and Exploitability

The CVSS score of 6.1 indicates a medium severity risk. The EPSS score of less than 1% suggests a very low current exploitation probability, and the vulnerability is not listed in CISA’s KEV catalog. However, the attack vector requires only a simple social‑engineering click from an administrator, making exploitation plausible if a target administrator is deceived. Without mitigations, the vulnerability could result in stolen credentials or compromised user sessions caused by the injected script.

Generated by OpenCVE AI on April 20, 2026 at 19:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Ultimate Blogroll to version 2.5.3 or later, which removes the CSRF vulnerability.
  • If an immediate upgrade is not possible, restrict the plugin’s usage to admins who are aware of the risk and disable it for all other users.
  • Implement additional CSRF protections on admin POST requests, ensuring that every state‑changing action validates a unique nonce tied to the current session.

Generated by OpenCVE AI on April 20, 2026 at 19:34 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-29009 The Ultimate Blogroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
History

Fri, 12 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 12 Sep 2025 08:15:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress wordpress
Vendors & Products Wordpress
Wordpress wordpress

Fri, 12 Sep 2025 03:45:00 +0000

Type Values Removed Values Added
Description The Ultimate Blogroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Title Ultimate Blogroll <= 2.5.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Weaknesses CWE-352
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

Subscriptions

Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:29:58.463Z

Reserved: 2025-09-02T21:45:27.693Z

Link: CVE-2025-9881

cve-icon Vulnrichment

Updated: 2025-09-12T17:13:50.537Z

cve-icon NVD

Status : Deferred

Published: 2025-09-12T04:16:06.377

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-9881

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T19:45:15Z

Weaknesses