CVE-2025-47624: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in apasionados DoFollow Case by Case WordPress plugin, affecting versions through 3.5.1. The vulnerability was disclosed on May 7, 2025, and has been assigned identifier CVE-2025-47624. This security issue affects the WordPress plugin ecosystem and allows attackers to perform Cross Site Request Forgery attacks (NVD, Patchstack).

The vulnerability has been classified as CWE-352 (Cross-Site Request Forgery) and received a CVSS v3.1 base score of 8.8 (HIGH) from NVD with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This scoring indicates network accessibility, low attack complexity, no privileges required, and user interaction required. Notably, Patchstack assigned a different CVSS score of 4.3 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N (NVD, Wiz).

If successfully exploited, this vulnerability could allow attackers to force authenticated users to execute unwanted actions under their current authentication level. The high CVSS score from NVD indicates potential severe impacts on the confidentiality, integrity, and availability of the affected system (NVD, Patchstack).

The software appears to be abandoned as it has not received updates for over a year. Security experts strongly advise users to remove and replace the plugin with an alternative solution, as no official fix is available. Note that merely deactivating the software does not remove the security threat (Patchstack).