Reuters Direct WordPress Plugin Cross-Site Request Forgery Vulnerability
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Reuters Direct plugin for WordPress, affecting all versions through 3.0.0. The issue arises from inadequate nonce validation on the 'class-reuters-direct-settings.php' page, allowing unauthenticated attackers to reset the plugin's settings. Exploitation requires tricking a site administrator into clicking a link that initiates the forged request.
Impact
Exploitation of this vulnerability allows for Cross-Site Request Forgery, enabling attackers to reset the plugin's settings without authorization.
Added: Nov 27, 2025, 3:22 AM
Updated: Nov 27, 2025, 3:22 AM
Vulnerability Rating
Custom Algorithm
spread
0.0impact
0.6exploitability
6.4remediation
0.0relevance
1.2threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.