CSRF Vulnerability in Post Thumbs Plugin Affects WordPress Sites
CVE-2025-26569

7.1HIGH

Key Information:

Vendor: WordPress
Status: Post Thumbs
Vendor: CVE Published:; 13 February 2025

What is CVE-2025-26569?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Post Thumbs plugin for WordPress, allowing unauthorized actions to be performed by users without their consent. This weakness enables attackers to execute stored XSS attacks, potentially compromising user data and website integrity. The affected version is any version prior to 1.5, making it crucial for WordPress site owners using this plugin to apply the necessary patches to safeguard against potential exploits.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Post Thumbs <= 1.5

References

https://patchstack.com/database/wordpress/plugin/post-thu...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 13, 2025
Vulnerability Reserved
Feb 12, 2025

Credit

0xd4rk5id3 (Patchstack Alliance)

JSON

WordPress