CSRF Vulnerability in Advanced All in One Admin Search by WP Spotlight
CVE-2025-32261
4.3 MEDIUM
Key Information:
- Vendor: WordPress
- CVE Published: 4 April 2025
What is CVE-2025-32261?
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Advanced All in One Admin Search plugin by WP Spotlight. This issue can allow an attacker to perform unauthorized actions on behalf of an authenticated user, compromising site integrity and user data. The vulnerability affects versions up to and including 1.1.1, making it essential for users to implement security measures or upgrade to a secure version.
Affected Version(s)
Advanced All in One Admin Search by WP Spotlight <= 1.1.1
CVSS V3.1
- Score: 4.3
- Severity: MEDIUM
- Confidentiality: None
- Integrity: Low
- Availability: None
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Nguyen Thi Huyen Trang - Skalucy (Patchstack Alliance)