CSRF Vulnerability in Post Thumbs Plugin Affects WordPress Sites
CVE-2025-26569

7.1HIGH

Key Information:

Vendor: Callmeforsox
Status: Post Thumbs
Vendor: CVE Published:; 13 February 2025

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Post Thumbs plugin for WordPress, allowing unauthorized actions to be performed by users without their consent. This weakness enables attackers to execute stored XSS attacks, potentially compromising user data and website integrity. The affected version is any version prior to 1.5, making it crucial for WordPress site owners using this plugin to apply the necessary patches to safeguard against potential exploits.

Affected Version(s)

Post Thumbs <= 1.5

References

https://patchstack.com/database/wordpress/plugin/post-thu...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 13, 2025
Vulnerability Reserved
Feb 12, 2025

Credit

0xd4rk5id3 (Patchstack Alliance)