CVE-2025-39371: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability was discovered in the Author Box Plugin With Different Description affecting versions through 1.3.5. The vulnerability was disclosed on April 25, 2025, and was assigned CVE-2025-39371 with a CVSS v3 Base Score of 4.3 (Medium) (AttackerKB, Patchstack).

The vulnerability has a CVSS v3 Base Score of 4.3 (Medium) with an Impact Score of 1.4 and Exploitability Score of 2.8. The attack vector is Network-based (AV:N) with Low attack complexity (AC:L), requires No privileges (PR:N), and needs User interaction (UI:R). The scope is Unchanged (S:U) with No impact on Confidentiality (C:N), Low impact on Integrity (I:L), and No impact on Availability (A:N) (AttackerKB).

The vulnerability could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. The impact is considered Low severity with primary concerns focused on integrity (Patchstack).

Currently, there is no official fix available for this vulnerability. The security issue has been assessed as having a low severity impact and is unlikely to be exploited (Patchstack).