CSRF Vulnerability in Rishi On Page SEO + Whatsapp Chat Button
CVE-2025-25138

7.1HIGH

Key Information:

Vendor

WordPress
Status
On Page Seo + WhatSAPp Chat Button
Vendor
CVE Published:
7 February 2025

What is CVE-2025-25138?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Rishi On Page SEO + Whatsapp Chat Button plugin. This vulnerability can lead to Stored Cross-Site Scripting (XSS), allowing attackers to execute malicious scripts in the context of a user's session. Affected versions range from n/a up to 2.0.0, highlighting the importance of updating and securing your plugins to mitigate potential security risks.

Affected Version(s)

On Page SEO + Whatsapp Chat Button <= 2.0.0

References

https://patchstack.com/database/wordpress/plugin/ops-robo...
vdb-entry

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Abdi Pranata (Patchstack Alliance)
.
The Cyber Security Vulnerability Database.