CVE-2025-31005: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the WordPress Easyfonts plugin, affecting versions up to 1.1.2. The vulnerability was reported on February 27, 2025, by security researcher Nguyen Thi Huyen Trang (Skalucy) and was publicly disclosed on April 9, 2025. The issue was assigned CVE-2025-31005 and received a CVSS v3.1 score of 4.3 (Medium) (Patchstack).

The vulnerability is classified as CWE-352 (Cross-Site Request Forgery) and received a CVSS v3.1 Base Score of 4.3 MEDIUM with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. This scoring indicates that the vulnerability is network-accessible, requires low attack complexity, needs no privileges, but does require user interaction (NVD).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The severity is considered low to medium, with potential impacts primarily focused on integrity rather than confidentiality or availability (Patchstack).

The vulnerability has been fixed in version 1.1.3 of the Easyfonts plugin. Users are advised to update to version 1.1.3 or later to remove the vulnerability. The security issue is considered to have a low severity impact and is unlikely to be exploited (Patchstack).