CVE-2025-23989: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability was discovered in the WordPress Internal Link Builder plugin version 1.0 and earlier. The vulnerability was identified on January 27, 2025, and was assigned CVE-2025-23989. The affected software is Alessandro Piconi - SabLab's Internal Link Builder WordPress plugin through version 1.0 (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 7.1 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) and allows unauthenticated attackers to perform CSRF attacks (NVD).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The software is considered abandoned as it hasn't been updated for over a year, increasing the security risk for users (Patchstack).

No official fix is available for this vulnerability. Users are strongly advised to remove and replace the software with an alternative solution, as the plugin is considered abandoned and unlikely to receive security updates (Patchstack).

The vulnerability was initially reported by researcher SOPROBRO on October 5, 2024. Patchstack issued an early warning to their customers on January 27, 2025, before publishing the vulnerability on January 29, 2025 (Patchstack).