CVE-2025-24549

Summary

CVE-2025-24549 is a newly disclosed vulnerability affecting the Mahbubur Rahman Post Meta plugin, specifically versions from n/a to 1.0.9. This issue combines the risks of Cross-Site Request Forgery (CSRF) and Reflected XSS (Cross-Site Scripting) attacks. An attacker can exploit the CSRF vulnerability to execute malicious scripts in a user's browser through a specially crafted web page, bypassing the user's input validation. The Reflected XSS component allows the attacker to inject malicious code into web pages viewed by other users, potentially leading to data theft or unauthorized actions. Users are urged to update their Post Meta plugin to the latest version to mitigate these risks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.