CVE-2025-0807

🗓️ 22 Mar 2025 06:41:10Reported by WordfenceType

CITS Support WordPress plugin vulnerable to Cross-Site Request Forgery due to nonce validation issues.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2025-0807	22 Mar 202507:38	–	circl
CNNVD	WordPress plugin CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts 跨站请求伪造漏洞	22 Mar 202500:00	–	cnnvd
Cvelist	CVE-2025-0807 CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts <= 4.2 - Cross-Site Request Forgery to Settings Update	22 Mar 202506:41	–	cvelist
EUVD	EUVD-2025-7192	3 Oct 202520:07	–	euvd
NVD	CVE-2025-0807	22 Mar 202507:15	–	nvd
Patchstack	WordPress CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts plugin <= 4.2 - Cross-Site Request Forgery to Settings Update vulnerability	31 Dec 202500:00	–	patchstack
RedhatCVE	CVE-2025-0807	24 Mar 202507:14	–	redhatcve
Vulnrichment	CVE-2025-0807 CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts <= 4.2 - Cross-Site Request Forgery to Settings Update	22 Mar 202506:41	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (March 17, 2025 to March 23, 2025)	27 Mar 202513:55	–	wordfence

Vulners

Node

ashikcse cits_support_svg,_webp_media_and_ttf,otf_file_upload,_use_custom_fontsRange≤4.2wordpress

[
  {
    "vendor": "ashikcse",
    "product": "CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "4.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/3772ddad-4960-48c8-904e-2457d12bd01c
plugins	www.plugins.trac.wordpress.org/browser/cits-support-svg-webp-media-upload/trunk/includes/cits-custom-fonts.php

15 Apr 2026 00:35Current

4.4Medium risk

Vulners AI Score4.4

CVSS 3.14.3

EPSS0.00087

SSVC

CWE-352