CVE-2025-31439 MEDIUM

CVE-2025-31439: WordPress Browser Caching with .htaccess 1.2.1 - Cross Site Request Forgery (CSRF) Vulnerability

Vendor Tobias_.Merz
Product Browser Caching with .htaccess
Weakness CWE-352 · CSRF
Published March 28, 2025
Last update April 28, 2026

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

What the vulnerability does

01 Description

Cross-Site Request Forgery (CSRF) vulnerability in tobias_.MerZ Browser Caching with .htaccess allows Cross Site Request Forgery. This issue affects Browser Caching with .htaccess: from 1.2.1 through n/a.

Explanation of Vulnerability in Simple Terms

02 Summary

A cross-site request forgery vulnerability in Browser Caching with .htaccess allows an attacker to perform unwanted actions on behalf of a user who visits a malicious page. The attacker cannot read sensitive data, but can modify site content or cause temporary unavailability. A victim must click a link or visit a page controlled by the attacker to trigger the vulnerability.

What an attacker can do

03 Attacker Capabilities

Perform unwanted actions (modify content or cause downtime) on behalf of a logged-in user.

Potential impact on your site

04 Site Impact

Users' actions can be hijacked to modify site settings or content, or to cause service disruption, without their knowledge.

Conditions required to exploit

05 Prerequisites

Victim must visit a page or click a link controlled by the attacker while logged in.

Key dates

06 Disclosure timeline

March 28, 2025 CVE published
April 28, 2026 Record updated