CVE-2025-26572

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Feb 13, 2025

CWE ID 352

Summary

CVE-2025-26572 is a Cross-Site Request Forgery (CSRF) vulnerability that affects WP PHPList, a mailing list management plugin for WordPress. An attacker can exploit this issue by tricking a user into performing an unwanted action on a website, which could result in unintended changes or actions being performed on the affected WP PHPList installation. This vulnerability is significant as it can compromise the security of websites utilizing WP PHPList, allowing attackers to manipulate user actions and potentially gain unauthorized access. The issue affects WP PHPList versions from n/a through 1.7. It is essential for users to update their WP PHPList plugin to the latest version or consider alternative solutions to mitigate the risk of CSRF attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database