CVE-2025-53274: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability has been identified in Hossin Asaadi's WP Permalink Translator WordPress plugin, affecting versions through 1.7.6. The vulnerability was discovered by security researcher Skalucy and was publicly disclosed on June 27, 2025. This security issue has been assigned CVE-2025-53274 and received a CVSS v3.1 base score of 7.1 (High) (Patchstack).

The vulnerability is classified as CWE-352 (Cross-Site Request Forgery). According to the CVSS v3.1 vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L, the vulnerability has network attack vector, low attack complexity, requires no privileges, but does need user interaction. The scope is changed, with low impacts on confidentiality, integrity, and availability (NVD).

The CSRF vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The vulnerability also allows for Stored XSS attacks, potentially leading to unauthorized data access or manipulation (Patchstack).

No official fix is currently available for this vulnerability. The recommended mitigation strategy is to remove and replace the software with an alternative solution, as the plugin is considered abandoned and unlikely to receive future updates or security fixes (Patchstack).