Cross-Site Request Forgery Vulnerability in PPO Call To Actions by PPO Việt Nam
CVE-2025-24001

7.1HIGH

Key Information:

Vendor: WordPress
Status: Ppo Call To Actions
Vendor: CVE Published:; 21 January 2025

What is CVE-2025-24001?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the PPO Call To Actions plugin by PPO Việt Nam, allowing attackers to exploit user actions without consent. This security flaw affects all versions from n/a through 0.1.3, potentially enabling attackers to manipulate user interactions with the website, leading to unauthorized actions and data exposure.

Affected Version(s)

PPO Call To Actions <= 0.1.3

References

https://patchstack.com/database/wordpress/plugin/ppo-call...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 21, 2025
Vulnerability Reserved
Jan 16, 2025

Credit

Abdi Pranata (Patchstack Alliance)