Cross-Site Request Forgery Vulnerability in WP Background Tile by Sam Burdge
CVE-2025-23573

7.1HIGH

Key Information:

Vendor: WordPress
Status: WP Background Tile
Vendor: CVE Published:; 16 January 2025

What is CVE-2025-23573?

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the WP Background Tile plugin developed by Sam Burdge. This flaw allows malicious actors to exploit the plugin, leading to potential stored Cross-Site Scripting (XSS) attacks. Affected versions range from the initial release up to 1.0. Users of the plugin are advised to implement security best practices and monitor for updates to mitigate risks associated with this vulnerability.

Affected Version(s)

WP Background Tile <= 1.0

References

https://patchstack.com/database/wordpress/plugin/wp-backg...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 16, 2025
Vulnerability Reserved
Jan 16, 2025

Credit

SOPROBRO (Patchstack Alliance)