CVE-2025-48344: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability was discovered in ed4becky Rootspersona plugin affecting versions through 3.7.5. The vulnerability was disclosed on May 19, 2025, and was assigned CVE-2025-48344 (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L. The attack vector is network-based, requires low attack complexity, needs no privileges, but does require user interaction. The scope is unchanged, with low impact on integrity and availability, and no impact on confidentiality (Patchstack).

The vulnerability could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. This is particularly concerning as the vulnerability is unauthenticated, meaning an attacker doesn't need to have an account on the target system to exploit it (Patchstack).

No official fix is currently available for this vulnerability. The security issue has been classified as having a low severity impact and is considered unlikely to be exploited (Patchstack).