CVE-2025-25168

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Feb 7, 2025

Updated: Feb 11, 2025

CWE ID 352

Summary

CVE-2025-25168 is a serious vulnerability affecting Blackandwhitedigital's BookPress – For Book Authors, where versions from n/a to 1.2.7 are impacted. This issue combines two threats: a Cross-Site Request Forgery (CSRF) and a Cross-Site Scripting (XSS) vulnerability. An attacker exploiting the CSRF weakness could manipulate users into making unintended actions on the affected site. Meanwhile, the XSS component allows an attacker to inject malicious scripts into web pages viewed by other users, potentially stealing sensitive information or taking control of their sessions. The intersection of these two risks significantly increases the attack surface for sites using the vulnerable BookPress plugin.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database