What the vulnerability does
01Description
The TextBuilder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 1.0.0 to 1.1.1. This is due to missing or incorrect nonce validation on the 'handleToken' function. This makes it possible for unauthenticated attackers to update a user's authorization token via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Once the token is updated, an attacker can update the user's password and email address.
Explanation of Vulnerability in Simple Terms
02Summary
TextBuilder versions 1.0.0 through 1.1.1 are vulnerable to cross-site request forgery (CSRF) attacks. An attacker can craft a malicious webpage that, when visited by a logged-in TextBuilder user, performs unwanted actions on their behalf without their knowledge. The vulnerability requires user interaction—the victim must visit the attacker's page while authenticated. This can lead to unauthorized changes, data loss, or account compromise.
What an attacker can do
03Attacker Capabilities
Perform actions on a TextBuilder user's account without their consent by tricking them into visiting a malicious webpage.
Potential impact on your site
04Site Impact
Users' TextBuilder accounts can be compromised or modified without their knowledge if they visit untrusted sites while logged in.
Conditions required to exploit
05Prerequisites
Victim must be logged into TextBuilder and visit an attacker-controlled webpage.
Key dates
06Disclosure timeline
October 3, 2025
CVE published
October 3, 2025
Record updated
