CVE-2025-22325
CVSS 3.1 Score 7.1 of 10 (high)
Details
Summary
CVE-2025-22325 is a newly disclosed vulnerability that affects the Nik Chankov Autocompleter, a plugin used for text completion in various web applications. The flaw combines Cross-Site Request Forgery (CSRF) and Stored XSS (Cross-Site Scripting) vulnerabilities. An attacker can exploit the CSRF weakness to issue malicious requests on behalf of a user, while the Stored XSS component allows the injection of malicious scripts into a webpage, potentially leading to unauthorized access or data theft. This issue poses a significant risk to users of the Autocompleter plugin, particularly those using outdated versions ranging from n/a to 1.3.5.2. Immediate updates to the latest version are recommended to mitigate this threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Vendors
- WordPress