Cross-Site Request Forgery Vulnerability in Social Ink Custom Post Type Lockdown
CVE-2025-23530

8.8HIGH

Key Information:

Vendor

WordPress

Vendor
CVE Published:
16 January 2025

What is CVE-2025-23530?

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Custom Post Type Lockdown plugin developed by Social Ink. This security flaw allows attackers to perform actions on behalf of authenticated users without their consent, potentially leading to privilege escalation. The vulnerability affects all versions of the plugin up to 1.11, emphasizing the need for immediate updates to ensure site integrity and protect user data. Website administrators need to address this issue promptly to mitigate associated risks.

Affected Version(s)

Custom Post Type Lockdown <= 1.11

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mika (Patchstack Alliance)
.