CSRF Vulnerability in ServerBuddy by PluginBuddy.Com
CVE-2025-49895

8.8HIGH

Key Information:

Vendor: WordPress
Status: Serverbuddy By Pluginbuddy.com
Vendor: CVE Published:; 16 August 2025

What is CVE-2025-49895?

A Cross-Site Request Forgery (CSRF) vulnerability in ServerBuddy by PluginBuddy.Com allows for object injection, potentially leading to unauthorized actions being performed on behalf of authenticated users. This issue impacts versions from n/a up to 1.0.5, highlighting the importance of securing your WordPress site against such attacks.

Affected Version(s)

ServerBuddy by PluginBuddy.com <= 1.0.5

References

https://patchstack.com/database/wordpress/plugin/serverbu...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 16, 2025
Vulnerability Reserved
Jun 11, 2025

Credit

Nguyen Xuan Chien (Patchstack Bug Bounty program)