Beware of dangerous WordPress plugins targeting Pakistani websites

PTA warns website owners to update vulnerable websites after multiple security flaws were found
A representational image. — Canva

The Pakistan Telecommunication Authority (PTA) issued a cybersecurity advisory on Wednesday warning website owners and developers in Pakistan about serious vulnerabilities in popular WordPress plugins, which could expose websites to hacking attempts and data theft.

According to the PTA, several plugins have been found with Cross-Site Request Forgery (CSRF) vulnerabilities, including MetricThemes Munk Sites, FancyWP Starter Templates, OneStore Sites, WP Keyword Monitor, URL-Preview-Box, Vignette Ads, Show Notice or Message on Admin Area, WP Social Stream, and WP Admin Custom Page. These flaws could let hackers perform unauthorised actions without the user’s consent.

The telecommunication authority added that in some cases, these weaknesses may also lead to stored cross-site scripting (XSS) attacks, allowing cybercriminals to inject malicious scripts, steal user data, or damage website integrity. 

The threat level has been marked high, and the authority urged immediate preventive action from developers and administrators.

The PTA has advised WordPress users to update the affected plugins to their latest versions and follow official WordPress security practices. It also recommended restricting admin access, applying the principle of least privilege, and using trusted security plugins to detect and block CSRF and XSS attacks.

The PTA emphasised the role of awareness and training, advising developers to implement CSRF tokens (nonces) and educate employees about safe computing habits, phishing detection, and secure browsing.
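The nonce-plus-least-privilege pattern the advisory recommends, shown as an added example in PHP; this is not code from the advisory or from any of the plugins named above, and the option name, action name and page slug are hypothetical:

```php
<?php
// Added illustration (not code from the advisory or any named plugin): a
// hypothetical setting saved through admin-post.php, first without any
// request check, then hardened with a WordPress nonce and a capability check.
// Weak form: nothing ties the request to a form this site issued, so a request
// submitted from any other origin by a logged-in admin's browser is accepted.
function demo_save_notice_weak() {
    update_option( 'demo_admin_notice', $_POST['notice'] ); // unchecked, unsanitised
    wp_safe_redirect( admin_url( 'options-general.php?page=demo-notice' ) );
    exit;
}
// Hardened form.
function demo_save_notice_hardened() {
    // Least privilege: only users allowed to manage options may save.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    // Stops with HTTP 403 unless a valid, unexpired nonce for this action is
    // present; a form served by another site cannot supply one.
    check_admin_referer( 'demo_save_notice', 'demo_notice_nonce' );
    // Sanitise before storing so the value cannot carry markup into the admin
    // area (the stored XSS case the advisory mentions).
    $notice = sanitize_text_field( wp_unslash( $_POST['notice'] ?? '' ) );
    update_option( 'demo_admin_notice', $notice );
    wp_safe_redirect( admin_url( 'options-general.php?page=demo-notice' ) );
    exit;
}
add_action( 'admin_post_demo_save_notice', 'demo_save_notice_hardened' );

// Settings form: wp_nonce_field() emits the hidden nonce and referer fields.
function demo_render_notice_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="demo_save_notice">
        <?php wp_nonce_field( 'demo_save_notice', 'demo_notice_nonce' ); ?>
        <input type="text" name="notice"
               value="<?php echo esc_attr( get_option( 'demo_admin_notice', '' ) ); ?>">
        <?php submit_button( 'Save notice' ); ?>
    </form>
    <?php
}
// Escape on output too, so the stored value renders as text, not markup.
function demo_show_admin_notice() {
    $notice = get_option( 'demo_admin_notice', '' );
    if ( '' !== $notice ) {
        echo '<div class="notice notice-info"><p>' . esc_html( $notice ) . '</p></div>';
    }
}
add_action( 'admin_notices', 'demo_show_admin_notice' );
```

Only the hardened handler is hooked to `admin_post_`; the weak one is kept purely for comparison and should never be registered.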