Medium severity4.3NVD Advisory· Published Dec 5, 2025· Updated Apr 15, 2026

CVE-2025-13684

Description

The ARK Related Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 2.19. This is due to missing or incorrect nonce validation on the ark_rp_options_page function. This makes it possible for unauthenticated attackers to modify the plugin's configuration settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Affected products

WordPress/Ark Relatedpostinferred
Range: =2.19
Package: https://wordpress.org/plugins/ark-relatedpost
Never5/Related Postsllm-fuzzy
Range: = 2.19

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/browser/ark-relatedpost/tags/2.19/ark-relatedpost.phpnvd
plugins.trac.wordpress.org/browser/ark-relatedpost/trunk/ark-relatedpost.phpnvd
plugins.trac.wordpress.org/changeset/3416647/nvd
www.wordfence.com/threat-intel/vulnerabilities/id/7eb53a80-89e5-4d8c-a1ba-c272196a3340nvd

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000