WP2HTML WordPress Plugin Cross-Site Request Forgery Vulnerability
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the WP2HTML plugin for WordPress, affecting all versions through 1.0.2. The issue arises from inadequate nonce validation in the save() function. This allows unauthenticated attackers to change plugin settings through a forged request, provided they can trick a site administrator into performing an action such as clicking a link.
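A settings handler that closes this class of bug, as an added example rather than WP2HTML's own code: the plugin's save() source is not shown on this page, so every example_-prefixed name and the single text setting are assumptions. It pairs a capability check with a nonce that is emitted in the form and verified before any option is written.

```php
<?php
// Added example: hypothetical settings handler, not WP2HTML's actual code.
// Every example_ name (option, action, nonce field) is an assumption.

// Render the settings form. wp_nonce_field() embeds a token tied to the
// action name and the current user's session, which a third-party page
// cannot read or predict.
function example_render_settings_form() {
    $value = get_option( 'example_setting', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_save_settings">
        <?php wp_nonce_field( 'example_save_settings', 'example_nonce' ); ?>
        <input type="text" name="example_setting" value="<?php echo esc_attr( $value ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// Registered on admin_post_ only (no admin_post_nopriv_ hook), so the
// handler never runs for logged-out visitors.
add_action( 'admin_post_example_save_settings', 'example_save_settings' );

function example_save_settings() {
    // 1. Authorization: the session must be allowed to change site options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }

    // 2. CSRF: check_admin_referer() terminates the request unless
    //    $_REQUEST['example_nonce'] is a valid nonce for this action.
    //    A handler that skips this step accepts any request carrying the
    //    administrator's cookies, including one triggered from another site.
    check_admin_referer( 'example_save_settings', 'example_nonce' );

    // 3. Only after both checks: read, sanitize and store the setting.
    $raw = isset( $_POST['example_setting'] ) ? wp_unslash( $_POST['example_setting'] ) : '';
    update_option( 'example_setting', sanitize_text_field( $raw ) );

    // Redirect back to the settings page (same-site targets only).
    $back = wp_get_referer();
    wp_safe_redirect( add_query_arg( 'updated', '1', $back ? $back : admin_url() ) );
    exit;
}
```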
Impact
Exploitation of this vulnerability allows for unauthorized modification of plugin settings, potentially leading to further security issues or misuse of the plugin's functionality.
Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 7.0
remediation: 0.0
relevance: 0.2
threat: 3.2
urgency: 2.9
incentive: 1.7
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
