CVE-2025-25072

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Feb 7, 2025

CWE ID 352

Summary

CVE-2025-25072 is a newly discovered vulnerability affecting the WP Admin Custom Page plugin. This issue involves a Cross-Site Request Forgery (CSRF) vulnerability that also allows Stored XSS attacks. The CSRF flaw enables an unauthenticated attacker to perform malicious actions on behalf of a victim, while the Stored XSS component lets attackers inject malicious code into a webpage viewed by other users. The vulnerability affects WP Admin Custom Page versions from n/a through 1.5.0. Updating to the latest, secure version is highly recommended to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3By3jF
https://www.cve.org/CVERecord?id=CVE-2025-25072
https://nvd.nist.gov/vuln/detail/CVE-2025-25072

Back to Vulnerability Database

CVE-2025-25072

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations