CVE-2025-9882
Description
The osTicket WP Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The osTicket WP Bridge plugin for WordPress (≤1.9.2) suffers from Cross-Site Request Forgery allowing unauthenticated attackers to modify settings and inject scripts via admin trickery.
Vulnerability Overview
The osTicket WP Bridge plugin for WordPress, in all versions up to and including 1.9.2, is vulnerable to Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation on a function. This flaw allows an attacker to perform unauthorized actions on behalf of a site administrator [1].
Exploitation Conditions
An unauthenticated attacker can craft a malicious request to update plugin settings and inject malicious web scripts (XSS). The attack requires tricking a logged-in administrator into performing an action, such as clicking a link, which then executes the forged request [1].
Impact
Successful exploitation enables the attacker to modify critical plugin settings and inject arbitrary JavaScript or HTML, potentially leading to further compromise of the WordPress site or its users [1].
Mitigation Status
The plugin has been closed as of September 17, 2025, due to the security issue [1]. Users are advised to immediately remove the plugin and seek alternative solutions, as no patched version is available.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE)
- (no CPE), range: <=1.9.2
Patches
No patches discovered yet.
References (3)
News mentions
No linked articles in our index yet.