Data Modification Vulnerability in WP Social Ninja Plugin for WordPress
CVE-2025-13880

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: WP Social Ninja – Embed Social Feeds, User Reviews & Chat Widgets
Vendor: CVE Published:; 17 December 2025

What is CVE-2025-13880?

The WP Social Ninja plugin for WordPress is susceptible to unauthorized access and manipulation of sensitive configurations due to inadequate capability verification in its getAdvanceSettings and saveAdvanceSettings methods. This weakness, present in all versions up to and including 4.0.1, can be exploited by unauthenticated threat actors, allowing them to both view and alter the plugin's advanced settings. This poses significant security risks, making it essential for users to secure their installations.

Affected Version(s)

WP Social Ninja – Embed Social Feeds, User Reviews & Chat Widgets * <= 4.0.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/wp-social-revi...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 17, 2025
Vulnerability Reserved
Dec 2, 2025

Credit

Angus Girvan

JSON