cleantalk
Vulnerabilities and Security Researches

Coil Web Monetization, CVE-2025-9625

CVE, Research URL

CVE-2025-9625

Home page URL

Security reports for Coil Web Monetization

Application

Coil Web Monetization

Published on
Nov 18, 2025
Research Description
The Coil Web Monetization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the coil-get-css-selector parameter handling in the maybe_restrict_content function. This makes it possible for unauthenticated attackers to trigger CSS selector detection functionality via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 2.0.2.
Status
vulnerable
Previous vulnerability researches
Coil Web Monetization (CVE-2025-9625) , Apr 24, 2026
New vulnerability
Portfolio & Image Gallery for WordPress | PowerFolio (CVE-2025-57932) , Apr 24, 2026
Bold Page Builder (CVE-2025-7730) , Apr 24, 2026
Flexi – Guest Submit (CVE-2025-9129) , Apr 24, 2026
Maps for WP (CVE-2025-57952) , Apr 24, 2026
Poll Maker – Best WordPress Poll Plugin (CVE-2025-57954) , Apr 24, 2026