Cross-Site Request Forgery Vulnerability in 多说社会化评论框 by Shen2
CVE-2025-48318

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: 多说社会化评论框
Vendor: CVE Published:; 28 August 2025

What is CVE-2025-48318?

The 多说社会化评论框 by Shen2 is affected by a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to exploit the system by forging requests on behalf of authenticated users. This can lead to unauthorized changes in user settings, causing potential security breaches. The vulnerability impacts all versions from n/a through 1.2, emphasizing the need for immediate updates to ensure the integrity and security of your site.

Affected Version(s)

多说社会化评论框 <= 1.2

References

https://patchstack.com/database/wordpress/plugin/duoshuo/...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 28, 2025
Vulnerability Reserved
May 19, 2025

Credit

Mika (Patchstack Alliance)

WordPress

What is CVE-2025-48318?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit