Cross-Site Request Forgery in WP Social Stream Plugin by Nirmal Kumar Ram
CVE-2025-25074

7.1HIGH

Key Information:

Vendor: WordPress
Status: WP Social Stream
Vendor: CVE Published:; 7 February 2025

Summary

A Cross-Site Request Forgery (CSRF) vulnerability in the WP Social Stream plugin developed by Nirmal Kumar Ram allows attackers to exploit the application by causing unsuspecting users to execute unintended actions. This can lead to stored Cross-Site Scripting (XSS) issues, wherein malicious code is stored on the server and executed when other users access compromised content. Affected versions of WP Social Stream range from n/a through 1.1. It is critical for users to promptly update to secure their installations against potential attacks.

Affected Version(s)

WP Social Stream <= 1.1

References

https://patchstack.com/database/wordpress/plugin/wp-socia...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 7, 2025
Vulnerability Reserved
Feb 3, 2025

Credit

SOPROBRO (Patchstack Alliance)