Cross-Site Request Forgery in StoryMap by josepsitjar
CVE-2025-52797

8.2HIGH

Key Information:

Vendor: WordPress
Status: Storymap
Vendor: CVE Published:; 14 August 2025

What is CVE-2025-52797?

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the StoryMap plugin developed by josepsitjar. This vulnerability allows attackers to execute unauthorized commands on behalf of users, potentially leading to SQL Injection attacks. The issue affects StoryMap versions spanning from n/a to 2.1, compromising the security of sites utilizing this plugin. It is essential for users to update to the latest patch to ensure their applications remain secure against these types of exploits.

Affected Version(s)

StoryMap <= 2.1

References

https://patchstack.com/database/wordpress/plugin/wp-story...

vdb-entry

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 14, 2025
Vulnerability Reserved
Jun 19, 2025

Credit

Martino Spagnuolo (r3verii) (Patchstack Alliance)