Primary

Context

CTL Arcade Lite WordPress Plugin Cross-Site Request Forgery Vulnerability

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability exists in the CTL Arcade Lite plugin for WordPress, affecting all versions up to and including 1.0. The vulnerability arises from inadequate nonce validation on the 'ctl_arcade_lite_page_manage_games' page. This flaw allows unauthenticated attackers to deactivate and activate arbitrary plugins by sending a forged request, provided they can persuade a site administrator to click a link or perform a similar action.

Impact

Exploitation of this vulnerability allows for Cross-Site Request Forgery, enabling unauthorized actions to be performed on behalf of a user, such as deactivating or activating plugins.

Remediation

No known patch is available. Users are advised to review the vulnerability details and consider uninstalling the affected plugin.

Added: Nov 11, 2025, 4:53 AM

Updated: Nov 11, 2025, 4:53 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.4

remediation

0.0

relevance

1.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.4

remediation

0.0

relevance

1.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

CTL Arcade Lite WordPress Plugin Cross-Site Request Forgery Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating