WP Headers And Footers < 3.1.2 – Arbitrary Options Update via CSRF | CVE 2025-2111 | Plugin Vulnerabilities

Description

The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the 'custom_plugin_set_option' function. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. The 'WPBRIGADE_SDK__DEV_MODE' constant must be set to 'true' to exploit the vulnerability.

Affects Plugins

wp-headers-and-footers

Fixed in 3.1.2

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/7b00d175-261d-46e3-bf3c-2d18f4e4972d

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Carlos Ferreira

Verified

No

WPVDB ID

d0fd9ccd-e2b2-4118-824b-2d57c00b80ee

Timeline

Publicly Published

2025-04-18 (about 1 year ago)

Added

2025-04-21 (about 1 year ago)

Last Updated

2025-04-21 (about 1 year ago)

Other

Published

Title

Published

2023-03-10

Title

Auto Prune Posts < 2.0.0 - Post Deletion Settings Update via CSRF

Published

2025-12-01

Title

Photo Gallery by Ays < 6.4.9 - Cross-Site Request Forgery to Bulk Actions

Published

2023-11-06

Title

Feather Login Page < 1.1.4 - CSRF

Published

2022-11-11

Title

AdRotate Banner Manager < 5.9.1 - Password Change via CSRF

Published

2021-08-16

Title

Rucy <= 0.4.4 - Cross-Site Request Forgery