CSRF Vulnerability in Rishi On Page SEO + Whatsapp Chat Button
CVE-2025-25138
7.1HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 7 February 2025
What is CVE-2025-25138?
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Rishi On Page SEO + Whatsapp Chat Button plugin. This vulnerability can lead to Stored Cross-Site Scripting (XSS), allowing attackers to execute malicious scripts in the context of a user's session. Affected versions range from n/a up to 2.0.0, highlighting the importance of updating and securing your plugins to mitigate potential security risks.
Affected Version(s)
On Page SEO + Whatsapp Chat Button <= 2.0.0