CVE-2025-57893: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Epsiloncool's WP Fast Total Search WordPress plugin, identified as CVE-2025-57893. The vulnerability affects all versions up to and including 1.79.270, and was disclosed on August 22, 2025. This security issue was initially reported by Nabil Irawan on July 19, 2025 (Patchstack).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) issue due to missing or incorrect nonce validation on a function. It has been assigned a CVSS v3.1 base score of 4.3 (Medium), with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The vulnerability requires user interaction but can be exploited without authentication (Rapid7).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The CVSS scoring indicates low impact on integrity while maintaining no impact on confidentiality and availability (Patchstack).

The vulnerability has been patched in version 1.79.274. Users are advised to update to this version or later to remove the vulnerability. The security issue has been assessed as having a low severity impact and is unlikely to be exploited (Patchstack).