Cross-Site Request Forgery in SEO Flow by LupsOnline
CVE-2025-48146

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: Seo Flow By Lupsonline
Vendor: CVE Published:; 16 May 2025

What is CVE-2025-48146?

A Cross-Site Request Forgery (CSRF) vulnerability in SEO Flow by LupsOnline allows malicious actors to perform unauthorized actions on behalf of users, potentially leading to Stored Cross-Site Scripting (XSS) attacks. This vulnerability affects versions from n/a to 2.2.0, compromising the integrity of user interactions with the plugin. It is crucial for users of SEO Flow to apply the necessary security patches to protect their sites from exploits that could lead to unauthorized data access or manipulation.

Affected Version(s)

SEO Flow by LupsOnline <= 2.2.0

References

https://patchstack.com/database/wordpress/plugin/lupsonli...

vdb-entry

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 16, 2025
Vulnerability Reserved
May 15, 2025

Credit

Nguyen Xuan Chien (Patchstack Alliance)