Possible CSRF issue still present in latest version?
Hi there. Jetpack Scan notified me there is a reported CSRF vulnerability affecting the plugin (CVE-2025-52795 / Patchstack listing), which currently indicates no confirmed fix.
The changelog for recent versions mentions “security issues fixed,” but it’s not clear whether this specific CSRF issue has been fully addressed across all endpoints.
Could you please clarify:
- Is this vulnerability fully fixed in the latest version?
- Were nonce checks added to all relevant AJAX/form handlers?
- If so, which version includes the complete fix?
Just want to confirm before using this in production. Thanks.
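The nonce-coverage question above can also be checked directly against a downloaded copy of the plugin source. The following is an added example, not part of the original post and not the plugin's code: a heuristic Python scan that lists `wp_ajax_*` / `admin_post_*` hooks whose callback body calls none of WordPress's nonce-verification functions. It assumes callbacks are plain functions registered by string name in the same file; the sample source and all `demo_*` names are constructed.

```python
import re

# Hook registrations such as add_action('wp_ajax_foo', 'callback')
HOOK_RE = re.compile(
    r"""add_action\(\s*['"]((?:wp_ajax(?:_nopriv)?|admin_post(?:_nopriv)?)_[\w-]+)['"]"""
    r"""\s*,\s*['"](\w+)['"]""")
# WordPress core functions that verify a nonce
NONCE_RE = re.compile(r"\b(?:check_ajax_referer|check_admin_referer|wp_verify_nonce)\s*\(")

def function_body(src, name):
    """Return the brace-balanced body of `function name(...)`, or None if absent."""
    m = re.search(r"function\s+%s\s*\([^)]*\)\s*\{" % re.escape(name), src)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(src) and depth:
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[m.end():i - 1]

def handlers_missing_nonce(src):
    """List (hook, callback) pairs whose callback body shows no nonce check."""
    missing = []
    for hook, cb in HOOK_RE.findall(src):
        body = function_body(src, cb)
        # A callback defined elsewhere (body is None) is flagged for manual review.
        if body is None or not NONCE_RE.search(body):
            missing.append((hook, cb))
    return missing

# Constructed sample plugin source (not taken from any real plugin)
SAMPLE = r'''<?php
add_action( 'wp_ajax_demo_save', 'demo_save' );
add_action( 'wp_ajax_demo_delete', 'demo_delete' );
add_action( 'admin_post_demo_export', 'demo_export' );
function demo_save() {
    check_ajax_referer( 'demo_save_action', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) { wp_die(); }
    update_option( 'demo_opt', sanitize_text_field( $_POST['v'] ) );
}
function demo_delete() {
    if ( current_user_can( 'manage_options' ) ) { delete_option( 'demo_opt' ); }
}
function demo_export() {
    if ( ! wp_verify_nonce( $_POST['_wpnonce'], 'demo_export' ) ) { wp_die(); }
}
'''

if __name__ == "__main__":
    for hook, cb in handlers_missing_nonce(SAMPLE):
        print(f"no nonce check found: {hook} -> {cb}()")
```

A hit is a prompt for manual review rather than proof of a CSRF flaw, since a nonce may be verified in a helper the callback calls. Callbacks registered as class methods or closures are not matched by this scan and need to be reviewed separately.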