CVE-2025-22784

High

Published: 15 January 2025

Published

15 January 2025

Modified

23 April 2026

KEV Added

—

Patch

—

CVSS Score 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

EPSS Score 0.0032 54.6th percentile

Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-22784 is a high-severity CSRF (CWE-352) vulnerability. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 45.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mitigates the CVE by requiring identification, reporting, and timely patching of the CSRF-to-arbitrary-file-deletion flaw in the Background Control WordPress plugin.

SC-23 Session Authenticity good match

prevent

Prevents CSRF exploitation by enforcing session authenticity mechanisms such as unique session identifiers and anti-replay protections.

SI-10 Information Input Validation good match

prevent

Blocks path traversal payloads in CSRF requests by validating all information inputs to prevent arbitrary file deletion.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1485 Data Destruction Impact

Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources.

attack.mitre.org →

Why these techniques?

CSRF with path traversal in public-facing WordPress plugin enables remote unauthenticated arbitrary file deletion causing availability impact, directly mapping to exploitation of public-facing apps (T1190) and data destruction (T1485).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Cross-Site Request Forgery (CSRF) vulnerability in swedish boy Background Control background-control allows Path Traversal.This issue affects Background Control: from n/a through <= 1.0.5.

Deeper analysisAI

CVE-2025-22784 is a Cross-Site Request Forgery (CSRF) vulnerability, classified under CWE-352, in the Background Control WordPress plugin developed by swedish boy. The flaw enables path traversal and affects all versions of the plugin up to and including 1.0.5.

Remote unauthenticated attackers can exploit this vulnerability over the network with low attack complexity and no user interaction required, as reflected in its CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H). Exploitation allows attackers to perform arbitrary file deletion on the target system, resulting in high-impact disruption to availability.

The Patchstack advisory documents this as a CSRF-to-arbitrary-file-deletion vulnerability specifically in Background Control plugin version 1.0.5 and provides details on the issue.

Details

CWE(s): CWE-352

CVEs Like This One

CVE-2025-55046Shared CWE-352

CVE-2025-7667Shared CWE-352

CVE-2026-40883Shared CWE-352

CVE-2025-2319Shared CWE-352

CVE-2025-23803Shared CWE-352

CVE-2025-25071Shared CWE-352

CVE-2025-23821Shared CWE-352

CVE-2025-30615Shared CWE-352

CVE-2025-22814Shared CWE-352

CVE-2025-28857Shared CWE-352

References

https://patchstack.com/database/Wordpress/Plugin/background-control/vulnerability/wordpress-background-control-plugin-1-0-5-csrf-to-arbitrary-file-deletion-vulnerability?_s_id=cve
audit@patchstack.com