Cross-Site Request Forgery in CompleteWebResources Social Share Buttons by WordPress
CVE-2025-26580
7.1 HIGH
Key Information:
- Vendor: WordPress
- CVE Published: 13 February 2025
Summary
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the CompleteWebResources Page/Post Specific Social Share Buttons plugin. It allows an attacker to perform unauthorized actions on behalf of an authenticated user, potentially leading to Stored Cross-Site Scripting (XSS). The issue affects versions up to and including 2.1 and poses significant risks to user data and site integrity. Users should patch their installations and follow security best practices to mitigate these threats.
Affected Version(s)
Page/Post Specific Social Share Buttons <= 2.1
CVSS V3.1
- Score: 7.1
- Severity: HIGH
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Abdi Pranata (Patchstack Alliance)