CVE-2025-26925: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in WordPress Admin Menu Manager plugin version 1.0.3 and earlier versions. The vulnerability was reported on February 20, 2025, and publicly disclosed on February 26, 2025. This security issue affects the Admin Menu Manager WordPress plugin and allows potential attackers to force privileged users to execute unwanted actions under their current authentication (Patchstack).

The vulnerability has been assigned CVE-2025-26925 and received a CVSS score of 4.3, indicating a low severity impact. The security flaw can be exploited without authentication, making it accessible to unauthenticated attackers. The vulnerability was discovered by security researcher Nguyen Thi Huyen Trang (Skalucy) and falls under the OWASP Top 10 category of A1: Broken Access Control (Patchstack).

The vulnerability could enable malicious actors to force higher privileged users to execute unwanted actions under their current authentication. However, the security issue has been assessed to have a low severity impact and is considered unlikely to be exploited (Patchstack).

Currently, there is no official fix available for this vulnerability. Given the low severity impact, virtual patching has been deemed unnecessary by security researchers (Patchstack).