Cross-Site Request Forgery Vulnerability in Namaste! LMS by Bob
CVE-2025-27353

4.3MEDIUM

Key Information:

Vendor: Bob
Status: Namaste! Lms
Vendor: CVE Published:; 24 February 2025

Summary

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in Namaste! LMS, a popular learning management system plugin for WordPress. This flaw allows attackers to trick users into executing unwanted actions on the affected site, compromising the integrity and security of user sessions. The vulnerability exists in versions up to 2.6.5, making it crucial for site administrators to apply recommended patches and ensure their installations are secure.

Affected Version(s)

Namaste! LMS <= 2.6.5

References

https://patchstack.com/database/wordpress/plugin/namaste-...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 24, 2025
Vulnerability Reserved
Feb 21, 2025

Credit

Nabil Irawan (Patchstack Alliance)