CVE-2025-23815: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was identified in the WordPress root Cookie plugin, affecting versions up to 1.6. The vulnerability was discovered by researcher SOPROBRO on December 6, 2024, and was officially published on January 16, 2025. The issue has been assigned CVE-2025-23815 and received a CVSS v3.1 score of 7.1 (High) (Patchstack).

The vulnerability is classified as CWE-352 (Cross-Site Request Forgery) and has been assigned a CVSS v3.1 Base Score of 7.1 with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The vulnerability requires no authentication to exploit and affects the root Cookie plugin through version 1.6 (NVD, Patchstack).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The impact is considered to have low severity and is deemed unlikely to be exploited, though it affects confidentiality, integrity, and availability at a low level (Patchstack).

Currently, there is no official fix available for this vulnerability. The issue affects versions up to 1.6 of the root Cookie plugin, and no patched version has been released (Patchstack).