Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-64237

CVE-2025-64237: Quick Interest Slider CSRF Vulnerability

CVE-2025-64237 is a Cross-Site Request Forgery flaw in the Quick Interest Slider WordPress plugin that allows attackers to perform unauthorized actions. This article covers technical details, affected versions, impact, and mitigation.

Published:

CVE-2025-64237 Overview

CVE-2025-64237 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Graham Quick Interest Slider WordPress plugin. The flaw impacts all versions of quick-interest-slider up to and including 3.1.5. An attacker can trick an authenticated user into submitting a forged request that performs unintended state-changing actions within the plugin. Successful exploitation requires user interaction, typically by luring a logged-in administrator to a malicious page. The weakness is tracked under CWE-352 and stems from missing or insufficient anti-CSRF token validation on plugin endpoints.

Critical Impact

An attacker can induce an authenticated WordPress user to perform unintended actions in the Quick Interest Slider plugin, resulting in limited integrity impact on plugin data.

Affected Products

  • Graham Quick Interest Slider (quick-interest-slider) WordPress plugin
  • All versions from n/a through 3.1.5
  • WordPress sites with the vulnerable plugin installed and activated

Discovery Timeline

  • 2025-12-16 - CVE-2025-64237 published to NVD
  • 2026-06-17 - Last updated in NVD database

Technical Details for CVE-2025-64237

Vulnerability Analysis

The Quick Interest Slider plugin exposes state-changing operations without adequately verifying that requests originate from a legitimate, intentional user action. WordPress provides built-in CSRF protection through nonce tokens generated by wp_create_nonce() and validated with functions such as check_admin_referer() or wp_verify_nonce(). When plugin request handlers omit or improperly implement these checks, any authenticated session becomes a viable vector for forgery.

An attacker crafts an HTML page containing a form or JavaScript that submits a request to the vulnerable plugin endpoint on a target WordPress site. If a user with sufficient privileges visits the attacker-controlled page while logged in, the browser attaches the session cookie automatically, and the plugin processes the request as authentic. The impact is limited to integrity, meaning attacker-influenced changes to plugin-managed data or configuration rather than credential theft or arbitrary code execution.

The EPSS probability of exploitation is 0.104%, reflecting the requirement for user interaction and the narrow scope of impact.

Root Cause

The root cause is missing or improper CSRF protection [CWE-352] on one or more request handlers in quick-interest-slider versions through 3.1.5. The plugin fails to validate a nonce or equivalent unpredictable token before executing sensitive actions, allowing cross-origin requests riding on an existing authenticated session to succeed.

Attack Vector

Exploitation is network-based and requires user interaction. The attacker hosts a malicious page or delivers a crafted link through phishing. When an authenticated WordPress user with the plugin installed visits the page, the browser silently issues the forged request against the target site. No prior privileges are required by the attacker, but the victim must hold an active WordPress session with permission to invoke the affected endpoint. See the Patchstack CSRF Vulnerability Report for advisory details.

Detection Methods for CVE-2025-64237

Indicators of Compromise

  • Unexpected modifications to Quick Interest Slider plugin settings, sliders, or content items in wp-admin.
  • HTTP POST requests to plugin endpoints under /wp-admin/admin.php or /wp-admin/admin-ajax.php with Referer headers pointing to external, untrusted domains.
  • Administrator or editor activity in WordPress audit logs immediately following visits to unfamiliar external URLs.

Detection Strategies

  • Inspect web server access logs for requests to Quick Interest Slider handlers that lack a valid WordPress nonce parameter such as _wpnonce.
  • Correlate outbound browsing telemetry with subsequent authenticated write actions to the WordPress admin interface.
  • Deploy a Web Application Firewall (WAF) rule that flags cross-origin POST requests to plugin admin endpoints.

Monitoring Recommendations

  • Enable a WordPress activity logging plugin to record configuration changes and content modifications attributable to individual users.
  • Monitor for anomalous Referer and Origin header values on authenticated administrative requests.
  • Alert on plugin data changes that occur outside expected administrative workflows or business hours.

How to Mitigate CVE-2025-64237

Immediate Actions Required

  • Update Quick Interest Slider to a version later than 3.1.5 once a patched release is published by the vendor.
  • If no patched version is available, deactivate and remove the plugin until a fix is released.
  • Require administrators and editors to log out of WordPress sessions when not actively performing management tasks.

Patch Information

At the time of publication, the Patchstack advisory lists all versions through 3.1.5 as affected. Administrators should monitor the plugin's page on the WordPress plugin repository and the vendor's release notes for a fixed version, then apply it promptly across all managed WordPress installations.

Workarounds

  • Restrict access to /wp-admin/ by IP allowlist at the web server or WAF layer to reduce the attack surface for authenticated users.
  • Enforce SameSite=Lax or SameSite=Strict on WordPress session cookies to limit cross-site request delivery.
  • Train administrative users to log out of WordPress before browsing untrusted sites and to avoid clicking links from unverified sources.
bash
# Example: disable the vulnerable plugin via WP-CLI until a patch is available
wp plugin deactivate quick-interest-slider
wp plugin delete quick-interest-slider

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.