CVE-2025-0990: 
WordPress vulnerability analysis and mitigation

The I Am Gloria WordPress plugin version 1.1.4 and below was identified with a Cross-Site Request Forgery (CSRF) vulnerability, assigned CVE-2025-0990. The vulnerability was discovered and disclosed in March 2025, leading to the temporary closure of the plugin from the WordPress repository on March 3, 2025, pending a full security review (WordPress Plugin, Wordfence Intel).

The vulnerability has been classified as a Cross-Site Request Forgery (CSRF) issue with a CVSS score of 4.3, indicating moderate severity. The affected versions include I Am Gloria plugin version 1.1.4 and all previous versions (Wordfence Intel).

Cross-Site Request Forgery vulnerabilities can allow attackers to perform unauthorized actions on behalf of authenticated users, potentially compromising the security and integrity of the WordPress installation (Wordfence Intel).

As a precautionary measure, the plugin has been temporarily closed and removed from the WordPress plugin repository as of March 3, 2025. Users are advised to disable and remove the plugin until a security review is completed and a patched version is released (WordPress Plugin).