CVE-2025-68573 MEDIUM

CVE-2025-68573: WordPress Simple Keyword to Link plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability

Vendor Alessandro Piconi

Product Simple Keyword to Link

Weakness CWE-352 · CSRF

Published December 24, 2025

Last update April 28, 2026

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

Cross-Site Request Forgery (CSRF) vulnerability in Alessandro Piconi Simple Keyword to Link simple-keyword-to-link allows Cross Site Request Forgery.This issue affects Simple Keyword to Link: from n/a through <= 1.5.

Explanation of Vulnerability in Simple Terms

02Summary

Simple Keyword to Link versions 1.5 and earlier contain a cross-site request forgery (CSRF) vulnerability. An attacker can craft a malicious link or page that, when visited by a site administrator, performs unwanted actions on the site without the admin's knowledge or consent. The vulnerability requires the admin to click the link or visit the page while logged in.

What an attacker can do

03Attacker Capabilities

Perform unwanted actions on the site by tricking an admin into clicking a malicious link.

Potential impact on your site

04Site Impact

An attacker can modify site settings or data by deceiving administrators into clicking malicious links.

Conditions required to exploit

05Prerequisites

Site admin must click a malicious link or visit an attacker-controlled page while logged into the site.

Key dates

06Disclosure timeline

December 24, 2025 CVE published

April 28, 2026 Record updated

External resources

07References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-68573 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities