Cross-Site Request Forgery Vulnerability in BSK Forms Blacklist by BannerSky
CVE-2025-22347

8.2HIGH

Key Information:

Vendor: WordPress
Status: Bsk Forms Blacklist
Vendor: CVE Published:; 7 January 2025

What is CVE-2025-22347?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the BSK Forms Blacklist plugin developed by BannerSky. This vulnerability allows attackers to exploit the plugin and perform Blind SQL Injection, potentially compromising the security and integrity of the data. This issue affects versions from n/a to 3.9, making it crucial for users to take immediate action to secure their installations.

Affected Version(s)

BSK Forms Blacklist <= 3.9

References

https://patchstack.com/database/wordpress/plugin/bsk-grav...

vdb-entry

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 7, 2025
Vulnerability Reserved
Jan 3, 2025

Credit

minhtuanact (Patchstack Alliance)