CSRF Vulnerability in Smart DoFollow Plugin by LukaszWiecek
CVE-2025-25152

7.1HIGH

Key Information:

Vendor

WordPress
Status
Smart Dofollow
Vendor
CVE Published:
7 February 2025

What is CVE-2025-25152?

The Smart DoFollow plugin by LukaszWiecek is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability, which can lead to Stored Cross-Site Scripting (XSS). This vulnerability allows attackers to exploit user sessions, potentially compromising site integrity. Users of Smart DoFollow, particularly versions up to 1.0.2, should take immediate action to secure their sites and consider updating to mitigate this risk.

Affected Version(s)

Smart DoFollow <= 1.0.2

References

https://patchstack.com/database/wordpress/plugin/smart-do...
vdb-entry

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Abdi Pranata (Patchstack Alliance)
.