What the vulnerability does
01Description
Cross-Site Request Forgery (CSRF) vulnerability in themeton Spare allows Cross Site Request Forgery. This issue affects Spare: from n/a through 1.7.
CVE-2025-31639
MEDIUM
CVE-2025-31639: WordPress Spare <= 1.7 - Cross Site Request Forgery (CSRF) Vulnerability
CVSS base score
4.3/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Key dates
02Disclosure timeline
May 16, 2025
CVE published
April 28, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2023-49834 WordPress WOOCS – WooCommerce Currency Switcher Plugin <= 1.4.1.4 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2026-4968 SourceCodester Diary App diary.php cross-site request forgery
CVE-2022-1599 Admin Management Xtended < 2.4.5 - Post Visibility/Date/Comment Status Update via CSRF
CVE-2022-32516
CVE-2023-36513 WordPress AutomateWoo Plugin <= 5.7.5 is vulnerable to Cross Site Request Forgery (CSRF)
