CVE-2025-53264 MEDIUM

CVE-2025-53264: WordPress ONet Regenerate Thumbnails plugin <= 1.5 - Cross Site Request Forgery (CSRF) Vulnerability

Vendor Konrád Koller

Product ONet Regenerate Thumbnails

Weakness CWE-352 · CSRF

Published June 27, 2025

Last update April 28, 2026

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

Cross-Site Request Forgery (CSRF) vulnerability in Konrád Koller ONet Regenerate Thumbnails onet-regenerate-thumbnails allows Cross Site Request Forgery.This issue affects ONet Regenerate Thumbnails: from n/a through <= 1.5.

Explanation of Vulnerability in Simple Terms

02Summary

ONet Regenerate Thumbnails versions 1.5 and earlier are vulnerable to cross-site request forgery (CSRF). An attacker can craft a malicious webpage that, when visited by a logged-in site administrator, triggers unwanted thumbnail regeneration or other administrative actions without the admin's knowledge or consent. The vulnerability requires the victim to visit the attacker's page while authenticated.

What an attacker can do

03Attacker Capabilities

Trick a logged-in admin into performing unwanted actions like regenerating thumbnails or modifying site settings.

Potential impact on your site

04Site Impact

Administrators could unknowingly trigger resource-intensive operations or have settings changed without their consent.

Conditions required to exploit

05Prerequisites

Admin must visit attacker's malicious webpage while logged into the site.

Key dates

06Disclosure timeline

June 27, 2025 CVE published

April 28, 2026 Record updated

External resources

07References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-53264 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities