CVE-2025-32591: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the WordPress WP Abstracts plugin, affecting versions through 2.7.4. The vulnerability was initially reported by Abdi Pranata on December 31, 2024, and was officially published on April 9, 2025. The issue received the identifier CVE-2025-32591 and affects the Kevon Adonis WP Abstracts plugin (Patchstack).

The vulnerability has been classified as CWE-352 (Cross-Site Request Forgery) and received a CVSS v3.1 base score of 7.1 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. This scoring indicates that the vulnerability is network-accessible, requires low attack complexity, needs no privileges, but does require user interaction. The scope is changed, with low impacts on confidentiality, integrity, and availability (NVD).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. This CSRF vulnerability potentially enables attackers to perform unauthorized actions on behalf of authenticated users (Patchstack).

As of the vulnerability disclosure, no official fix is available for this security issue. The vulnerability affects versions up to and including 2.7.4, but no patched version has been released (Patchstack).