CVE-2025-54703: 
WordPress vulnerability analysis and mitigation

The File Manager for Google Drive – Integrate Google Drive with WordPress plugin is affected by a Cross-Site Request Forgery (CSRF) vulnerability, identified as CVE-2025-54703. The vulnerability was discovered in versions up to and including 1.5.2, and was publicly disclosed on July 30, 2025. This security issue affects the WordPress plugin's functionality due to missing or incorrect nonce validation (Rapid7, Patchstack).

The vulnerability has been assigned a CVSS score of 4.3, indicating a moderate severity level. The CVSS vector string is CVSS:3.1/AV:N/AC:M/Au:N/C:N/I:P/A:N, which indicates that the vulnerability is network accessible, requires moderate complexity to exploit, and does not require authentication. The technical root cause has been identified as missing or incorrect nonce validation on certain functions within the plugin (Rapid7, Patchstack).

The vulnerability allows unauthenticated attackers to perform unauthorized actions by tricking site administrators into performing specific actions, such as clicking on malicious links. This falls under the OWASP Top 10 category of A1: Broken Access Control (Rapid7, Patchstack).

The vulnerability has been patched in version 1.5.3 of the Integrate Google Drive plugin. Users are advised to update to version 1.5.3 or later to remove the vulnerability. The security issue has been assessed as having a low severity impact and is considered unlikely to be exploited (Patchstack).