CVE-2025-23532

CVE-2025-23532 is a Cross-Site Request Forgery (CSRF) vulnerability, classified under CWE-352, in the Regios MyAnime Widget (myanime-widget) WordPress plugin. This issue affects versions from n/a through <=1.0 and allows privilege escalation. The vulnerability received a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), reflecting its high severity due to network accessibility, low attack complexity, no required privileges, and high impacts on confidentiality, integrity, and availability.

Unauthenticated attackers can exploit this CSRF vulnerability remotely by tricking an authenticated user, such as an administrator, into interacting with a malicious webpage or link. This user interaction submits a forged request to the plugin, enabling privilege escalation for the attacker without their prior authentication on the target site.

Patchstack has issued an advisory on this vulnerability in MyAnime Widget plugin version 1.0, available at https://patchstack.com/database/Wordpress/Plugin/myanime-widget/vulnerability/wordpress-myanime-widget-plugin-1-0-csrf-to-privilege-escalation-vulnerability?_s_id=cve, which security practitioners should consult for details on patches and mitigation steps. The CVE was published on 2025-01-16T20:15:38.783.