HidePost WordPress Plugin Cross-Site Request Forgery Vulnerability

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability exists in the HidePost plugin for WordPress, affecting all versions through 2.3.8. The issue arises from inadequate nonce validation on the options.php settings page, allowing unauthenticated attackers to alter plugin settings by sending a forged request, provided they can deceive a site administrator into clicking a link.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in plugin settings, potentially allowing attackers to manipulate how the plugin functions on the site.

Added: Sep 27, 2025, 7:23 AM

Updated: Sep 27, 2025, 7:23 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.0

remediation

0.0

relevance

0.6

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.0

remediation

0.0

relevance

0.6

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

HidePost WordPress Plugin Cross-Site Request Forgery Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating