CVE-2025-22768: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability was discovered in Qwerty23 Rocket Media Library Mime Type plugin affecting versions through 2.1.0. The vulnerability was disclosed on January 23, 2025, and assigned identifier CVE-2025-22768. This security issue allows attackers to perform Stored Cross-Site Scripting (XSS) attacks through CSRF (NVD, Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 7.1 (High) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The issue has been classified under CWE-352 (Cross-Site Request Forgery). The vulnerability allows unauthenticated attackers to execute unwanted actions under the current authentication of higher privileged users (NVD, Patchstack).

The vulnerability is considered moderately dangerous and is expected to become exploited. It allows attackers to force higher privileged users to execute unwanted actions under their current authentication, potentially leading to stored XSS attacks (Patchstack).

Currently, there is no official fix available for this vulnerability. However, Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until an official fix becomes available. Users are advised to implement the virtual patch immediately (Patchstack).