CVE-2025-28863
Published: 11 March 2025
Summary
CVE-2025-28863 is a medium-severity Cross-Site Request Forgery (CSRF, CWE-352) vulnerability in the Delete Original Image WordPress plugin by Carlos Minatti. Its CVSS base score is 4.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 37.1 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-28863 is a Cross-Site Request Forgery (CSRF) vulnerability, classified under CWE-352, in the WordPress plugin Delete Original Image developed by Carlos Minatti. The flaw affects all versions of the plugin up to and including 0.4, enabling attackers to perform forged requests on behalf of authenticated users. It received a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N), indicating medium severity with network accessibility, low attack complexity, no privileges required, and user interaction needed.
An attacker can exploit this vulnerability by tricking an authenticated WordPress user, such as an administrator, into visiting a malicious webpage that submits a forged request to the plugin's delete function. No attacker authentication is required, but the victim must have sufficient privileges to trigger the action. Successful exploitation results in low integrity impact, potentially allowing unauthorized deletion of original images without the user's knowledge or consent.
The Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/delete-original-image/vulnerability/wordpress-delete-original-image-plugin-0-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve details the vulnerability and recommends updating to a patched version of the plugin where available, or disabling it if no patch exists. Security practitioners should verify plugin updates via official WordPress repositories and implement CSRF tokens in custom workflows as a general mitigation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-7833
Vulnerability details
Cross-Site Request Forgery (CSRF) vulnerability in Carlos Minatti Delete Original Image (delete-original-image) allows Cross Site Request Forgery. This issue affects Delete Original Image: from n/a through <= 0.4.
- CWE(s): CWE-352 (Cross-Site Request Forgery)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CSRF vulnerability sits in a public-facing WordPress plugin and is exploited by tricking an authenticated user into visiting a malicious webpage: T1190 covers exploitation of the public-facing application, and T1204.001 (User Execution: Malicious Link) covers the link delivery that requires user interaction.
Mitigating Controls (NIST 800-53 r5)
- Directly mitigates the CSRF vulnerability by requiring timely remediation through patching the affected Delete Original Image plugin versions up to 0.4.
- SC-23 (Session Authenticity): enforces session authenticity mechanisms such as CSRF tokens to prevent forged requests from tricking authenticated users into deleting original images.
- SI-10 (Information Input Validation): validates inputs to the plugin's delete function, ensuring requests include proper CSRF protections and rejecting unauthorized forged submissions.
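The CSRF-token and input-validation controls above, and the "implement CSRF tokens in custom workflows" advice in the deeper analysis, translate to a WordPress nonce plus capability check on the delete handler. The following is an added illustration, not code from the Delete Original Image plugin: the handler, action and form names (prefixed `doi_example_`) are assumptions, and the weak variant shows only the missing-check pattern the CWE describes.

```php
<?php
// Added example; not the plugin's own code. All doi_example_* names are hypothetical.

// WEAK (CWE-352 pattern): trusts any request reaching the endpoint, so an
// authenticated user who loads a third-party page that auto-submits this URL
// deletes the attachment without intending to.
function doi_example_delete_weak() {
    $id = isset($_GET['attachment_id']) ? (int) $_GET['attachment_id'] : 0;
    wp_delete_attachment($id, true);
    wp_safe_redirect(admin_url('upload.php'));
    exit;
}

// HARDENED: input validation (SI-10), authorization, and a per-user,
// per-action nonce that a cross-site form cannot know (SC-23).
function doi_example_delete_hardened() {
    $id = isset($_POST['attachment_id']) ? absint($_POST['attachment_id']) : 0;
    if ($id === 0 || get_post_type($id) !== 'attachment') {
        wp_die('Invalid attachment id.', '', array('response' => 400));
    }
    // Reject requests lacking the nonce issued to this user for this attachment.
    // check_admin_referer() calls wp_die() on failure.
    check_admin_referer('doi_example_delete_' . $id, 'doi_nonce');
    // Only users who may delete this specific attachment get through.
    if (!current_user_can('delete_post', $id)) {
        wp_die('Insufficient permissions.', '', array('response' => 403));
    }
    wp_delete_attachment($id, true);
    wp_safe_redirect(admin_url('upload.php'));
    exit;
}
add_action('admin_post_doi_example_delete', 'doi_example_delete_hardened');

// Form that issues the nonce; pairs with the hardened handler above.
function doi_example_delete_button($id) {
    $id = absint($id);
    ?>
    <form method="post" action="<?php echo esc_url(admin_url('admin-post.php')); ?>">
        <input type="hidden" name="action" value="doi_example_delete">
        <input type="hidden" name="attachment_id" value="<?php echo $id; ?>">
        <?php wp_nonce_field('doi_example_delete_' . $id, 'doi_nonce'); ?>
        <button type="submit">Delete original image</button>
    </form>
    <?php
}
```

Because the nonce is bound to the attachment id and the current user's session, a forged request from another origin fails the `check_admin_referer` check before any deletion runs, and the server logs the resulting `wp_die` response as an easily detectable 403.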