CVE-2025-24712
Description
Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Radius Blocks radius-blocks allows Cross Site Request Forgery. This issue affects Radius Blocks: from n/a through <= 2.1.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cross-Site Request Forgery in WordPress Radius Blocks plugin versions ≤2.1.2 allows attackers to force privileged users to execute unwanted actions.
Vulnerability Overview
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Radius Blocks plugin for WordPress, versions 2.1.2 and earlier. This flaw allows an attacker to trick a privileged user into unknowingly executing malicious actions.
Exploitation Details
The vulnerability requires user interaction; an attacker must lure an authenticated administrator into clicking a malicious link or visiting a crafted web page. No authentication is needed for the attacker, but the victim must have valid credentials and elevated privileges.
Impact
Successful exploitation can lead to unwanted actions under the victim's session, such as changing plugin settings, creating new administrator accounts, or other modifications that could result in full site compromise.
Mitigation
The vendor has released version 2.2.0 which patches the issue. Users are advised to update immediately. Auto-updates can be enabled via Patchstack for protection [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
References: 1
News mentions: 0
No linked articles in our index yet.