CVE-2025-31079 MEDIUM

CVE-2025-31079: WordPress Usermaven plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability

Vendor Usermaven
Product Usermaven
Weakness CWE-352 · CSRF
Published March 28, 2025
Last update April 28, 2026

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01 Description

Cross-Site Request Forgery (CSRF) vulnerability in the Usermaven plugin (usermaven) allows Cross-Site Request Forgery. This issue affects Usermaven: from n/a through <= 1.2.1.

Explanation of Vulnerability in Simple Terms

02 Summary

Usermaven versions up to 1.2.1 contain a cross-site request forgery (CSRF) vulnerability that allows an attacker to perform unwanted actions on behalf of a logged-in user. The vulnerability requires the victim to visit a malicious webpage while authenticated to Usermaven. An attacker can modify user settings or data, but cannot read sensitive information. Update to version 1.2.2 or later.

What an attacker can do

03 Attacker Capabilities

Perform unwanted actions (like changing settings) on behalf of a logged-in Usermaven user.

Potential impact on your site

04 Site Impact

Users' Usermaven settings or data could be modified without their knowledge if they visit a malicious link while logged in.

Conditions required to exploit

05 Prerequisites

Victim must be logged into Usermaven and visit an attacker-controlled webpage.

Key dates

06 Disclosure timeline

March 28, 2025 CVE published
April 28, 2026 Record updated