CVE-2025-24756

Summary

CVE-2025-24756 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the mgplugin Roi Calculator, from an undisclosed version through 1.0. An attacker can exploit this issue to perform Stored Cross-Site Scripting (XSS), injecting malicious scripts into the web application and potentially gaining unauthorized access to user data or session tokens. The vulnerability poses a significant risk, as CSRF attacks can bypass same-origin policy restrictions, making it easier for attackers to execute their malicious code on the victim's browser. Users are encouraged to update their Roi Calculator software to the latest version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.