WP Blast | SEO & Performance Booster

4.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Description

The WP Blast | SEO & Performance Booster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.6. This is due to missing or incorrect nonce validation on multiple administrative actions in the Settings class. This makes it possible for unauthenticated attackers to trigger cache purging, sitemap clearing, plugin data purging, and score resetting operations via forged requests granted they can trick a site administrator into performing an action such as clicking on a link.

Basic Information

ID CVE-2025-9622

Source Wordfence

Published Sep 10, 2025 at 06:38

Affected Product

Vendor wpblast

Product WP Blast | SEO & Performance Booster

Version *

Affected Versions wpblast WP Blast | SEO & Performance Booster *

CWE Classification

CWE-352

References

{
    "lastseen": "",
    "description": "The WP Blast | SEO & Performance Booster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.6. This is due to missing or incorrect nonce validation on multiple administrative actions in the Settings class. This makes it possible for unauthenticated attackers to trigger cache purging, sitemap clearing, plugin data purging, and score resetting operations via forged requests granted they can trick a site administrator into performing an action such as clicking on a link.",
    "published": "2025-09-10T06:38:49.546Z",
    "modified": "2025-09-10T06:38:49.546Z",
    "type": "cve",
    "title": "WP Blast | SEO & Performance Booster <= 1.8.6 - Cross-Site Request Forgery to Cache Clearing",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b8954061-cb8f-49fc-84d9-50851f7f48a2?source=cve\nhttps://plugins.trac.wordpress.org/browser/wpblast/tags/1.8.6/src/Smartfire/Wordpress/WPBlast/Settings.php#L914\nhttps://plugins.trac.wordpress.org/browser/wpblast/tags/1.8.6/src/Smartfire/Wordpress/WPBlast/Settings.php#L906\nhttps://plugins.trac.wordpress.org/browser/wpblast/tags/1.8.6/src/Smartfire/Wordpress/WPBlast/Settings.php#L922\nhttps://plugins.trac.wordpress.org/browser/wpblast/tags/1.8.6/src/Smartfire/Wordpress/WPBlast/Settings.php#L930\nhttps://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3357450%40wpblast&new=3357450%40wpblast&sfp_email=&sfph_mail=",
    "id": "CVE-2025-9622",
    "bulletinFamily": "",
    "cwe": [
        "CWE-352"
    ],
    "cvelist": null,
    "sourceData": "wpblast WP Blast | SEO & Performance Booster *",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WP Blast | SEO & Performance Booster",
    "version": "*",
    "vendor": "wpblast",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

WP Blast | SEO & Performance Booster <= 1.8.6 - Cross-Site Request Forgery to Cache Clearing_CVE-2025-9622