CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2025-23797

CVSS 9.8v3.1pub. 2025-01-16upd. 2026-04-23

Cross-Site Request Forgery (CSRF) vulnerability in Mike Selander WP Options Editor wp-options-editor allows Privilege Escalation.This issue affects WP Options Editor: from n/a through <= 1.1.

🤖 AI Analysis
How it works

The vulnerability results from insufficient CSRF token verification in requests directed to the WP Options Editor plugin. An attacker can prepare a malicious website or link that, when opened by a logged-in WordPress user, executes an unauthorized HTTP request on their behalf. In this way, it is possible to modify WordPress options in a manner leading to privilege escalation in the system.

Impact

An attacker can obtain elevated privileges in a WordPress instance, potentially taking control of the entire website or gaining administrative access.

Mitigation & patch

Patches available from the vendor should be applied according to the references. If an update is not available, it is recommended to immediately disable or remove the WP Options Editor plugin.

Who is affected

The WP Options Editor plugin by Mike Selander in versions from its inception through 1.1 inclusive.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
LPE
CWE
References