CVE-2025-54728

Vulnerability

Overview A Cross-Site Request Forgery (CSRF) vulnerability exists in the WordPress plugin CM On Demand Search And Replace, affecting versions from n/a through 1.5.2 [1]. The issue arises because the plugin fails to implement proper CSRF tokens or validation on sensitive operations, allowing an attacker to craft malicious requests that can be executed by an authenticated administrator without their knowledge.

Exploitation

Conditions Exploitation requires user interaction: an authenticated user must click a malicious link, visit a crafted page, or submit a form while logged into the WordPress admin [1]. The attacker does not need direct authentication but must trick a higher-privileged user into performing the action. No special network position is required; the attack can be delivered via email, social engineering, or cross-site scripting.

Impact

Successful exploitation could allow an attacker to force the victim to execute unintended actions under their current session, such as modifying search-and-replace operations, altering database entries, or changing plugin settings [1]. While the CVSS score is 4.3 (medium), the vulnerability could be chained with other attacks or leveraged in mass-exploit campaigns targeting multiple websites.

Mitigation

The vendor has released version 1.5.3, which addresses the CSRF vulnerability [1]. Users are strongly advised to update immediately. Patchstack users can enable auto-updates for vulnerable plugins. According to the advisory, the severity is considered low, and exploitation is unlikely, but updating is the recommended course of action [1].